Vulnerabilities and Security Researches

Welcart e-Commerce, CVE-2022-3946

CVE, Research URL: CVE-2022-3946
Home page URL: Security reports for Welcart e-Commerce
Application: Welcart e-Commerce
Published on: Dec 12, 2022
Research Description: The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
Affected versions: Min -, max 2.8.4.
Status: vulnerable