ThreatPress

WordPress Vulnerabilities Database

WordPress Welcart Plugin <= 1.4.17 - Multiple XSS

Product
Welcart
Description
These vulnerabilities allow attackers to inject arbitrary web script or HTML via the "usces_referer" parameter to: includes/edit-form-advanced.php, includes/edit-form-advanced34.php, classes/usceshop.class.php, includes/member_edit_form.php, includes/order_list.php, includes/order_edit_form.php, includes/usces_item_master_list.php, related to admin.php or includes/edit-form-advanced30.php.
Solution
Update the plugin.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name: CVE-2015-2973
Versions
Affected In: <= 1.4.17
Fixed In: 1.4.18
Disclosure date
2015-04-07