Description
WordPress Plugin Welcart e-Commerce is prone to multiple vulnerabilities, including cross-site scripting and SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress Plugin Welcart e-Commerce version 1.3.12 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that input is properly sanitised
References
Related Vulnerabilities
WordPress Plugin WP Events Calendar SQL Injection (1.0)
WordPress Plugin Form Lightbox Security Bypass (2.1)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)
Chamilo Improper Input Validation Vulnerability (CVE-2021-31933)
WordPress Plugin WP Advanced Comment Cross-Site Scripting (0.10)