WordPress Plugin Vulnerabilities

Welcart e-Commerce 1.3.12 - purchase_limit Parameter DOM-based XSS

Description

The Welcart e-Commerce WordPress plugin was affected by a purchase_limit Parameter DOM-based XSS security vulnerability.

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 1.5

References

CVE
CVE-2014-10016
URL
https://packetstormsecurity.com/files/#125513/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
HauntIT
Verified
No
WPVDB ID
a4a24a76-ccf6-47a9-b022-5f978e4e03e3

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-12-10 (about 5 years ago)

Other

Published
Title
Published
2026-03-14
Title
Ultra Addons for Contact Form 7 < 3.5.37 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-01-23
Title
amr cron manager <= 2.3 - Unauthenticated Stored Cross-Site Scripting
Published
2015-05-15
Title
Anti-Malware & Brute-Force Security by ELI < 4.15.20 - Multiple Reflected XSS
Published
2026-01-23
Title
CM CSS Columns <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute
Published
2025-04-04
Title
News Kit Elementor Addons <= 1.4.2 - Contributor+ Stored XSS