Multiple Cross-Site Scripting Vulnerabilities in Welcart e-Commerce Plugin for WordPress
CVE-2014-10016

Currently unrated

Key Information:

Vendor

Wordpress
Status
E-commerce
Vendor
CVE Published:
13 January 2015

What is CVE-2014-10016?

The Welcart e-Commerce plugin for WordPress is affected by multiple cross-site scripting vulnerabilities that enable remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities arise from unsafe handling of various parameters during the add_delivery_method action, specifically related to purchase limitations and additional fields, including name, intl, nocod, and time in the wp-admin/admin-ajax.php file. Attackers exploiting these vulnerabilities may compromise site integrity and user information, underscoring the importance of timely updates and security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/57222
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/65954
vdb-entryx_refsource_BID
http://packetstormsecurity.com/files/125513
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.