CVE-2014-10016

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:welcart:e-commerce:1.3.12:*:*:*:*:wordpress:*:*

Information

Published : 2015-01-13 03:59

Updated : 2017-09-07 18:29


NVD link : CVE-2014-10016

Mitre link : CVE-2014-10016


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

welcart

  • e-commerce