Cross-Site Scripting Vulnerability in Welcart e-Commerce Plugin by WordPress
CVE-2016-4827

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Welcart E-commerce
Vendor
CVE Published:
25 June 2016

Summary

The Welcart e-Commerce plugin for WordPress has a vulnerability that enables remote attackers to inject arbitrary web scripts or HTML into pages. This can occur due to insufficient validation of user input, allowing an attacker to exploit the vulnerability through unspecified vectors. Affected users should upgrade to the latest version, 1.8.3 or later, to mitigate this security risk and enhance the overall security of their websites.

References

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000117
third-party-advisoryx_refsource_JVNDB
http://www.welcart.com/community/archives/78977
x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN55826471/index.html
third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.