WordPress Plugin Vulnerabilities

Welcart e-Commerce 1.3.12 - DOM Cross-Site Scripting (XSS)

Description

The Welcart e-Commerce WordPress plugin was affected by a DOM Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 1.5

References

URL
https://packetstormsecurity.com/files/#125513/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
HauntIT
Verified
No
WPVDB ID
d4622a3e-3b1f-448b-90aa-47e50ab73893

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-12-10 (about 5 years ago)

Other

Published
Title
Published
2024-09-30
Title
BuddyForms < 2.8.13 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2025-05-07
Title
CookieCode <= 2.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2021-06-28
Title
Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2022-12-02
Title
ImageInject <= 1.17 - Admin+ Stored XSS
Published
2018-03-26
Title
Events Manager <= 5.8.1.1 - Unauthenticated Stored XSS