CVE-2014-10016

Name of the Vulnerable Software and Affected Versions Welcart e-Commerce plugin version 1.3.12

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to purchase limit or the name, intl, nocod, or time parameter in an "add delivery method" action to "wp-admin/admin-ajax.php" API endpoint.

Recommendations For Welcart e-Commerce plugin version 1.3.12, consider disabling the "add delivery method" action in the "wp-admin/admin-ajax.php" API endpoint until a patch is available. Restrict access to the name, intl, nocod, and time parameters to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoint until the issue is resolved.