Uscnanbu Welcart E-commerce
8 CVEs affecting Uscnanbu Welcart E-commerce. Latest disclosed: 2025-11-13. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-4355 | High | 7.5 | 2023-06-07 | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_o… |
CVE-2025-0511 | High | 7.2 | 2025-02-12 | The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9… |
CVE-2025-10649 | Medium | 6.5 | 2025-10-08 | The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the cookie in all versions up to, and including, 2.11.21 due to insufficient esc… |
CVE-2025-10651 | Medium | 5.5 | 2025-10-22 | The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22… |
CVE-2025-9367 | Medium | 5.5 | 2025-09-10 | The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.11.20 due to insu… |
CVE-2025-12979 | Medium | 5.3 | 2025-11-13 | The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'usces_export' action in all… |
CVE-2021-4375 | Medium | 4.3 | 2023-06-07 | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information()… |
CVE-2023-6120 | Medium | 4.1 | 2023-12-09 | The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file fu… |