Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
XSS
WordPress
PHP
Welcart E Commerce
NVD
CVSS 2.0
4.3
EPSS
0.4%