Session Mismanagement in Collne Welcart e-Commerce Plugin for WordPress
CVE-2016-4828

6.5MEDIUM

Key Information:

Vendor
Wordpress
Status
Welcart E-commerce
Vendor
CVE Published:
25 June 2016

Summary

The Collne Welcart e-Commerce plugin for WordPress suffers from session mismanagement, enabling remote attackers to gain unauthorized access to user accounts. By exploiting the knowledge of an account's associated e-mail address, attackers can manipulate sessions and potentially access critical user information. This vulnerability emphasizes the importance of robust session handling practices in e-commerce applications to safeguard sensitive user data from unauthorized access.

References

http://jvn.jp/en/jp/JVN61578437/index.html
third-party-advisoryx_refsource_JVN
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000118
third-party-advisoryx_refsource_JVNDB
http://www.welcart.com/community/archives/78977
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.