Uscnanbu Welcart E-commerce

8 CVEs affecting Uscnanbu Welcart E-commerce. Latest disclosed: 2025-11-13. Critical: 0, High: 2.

Top CVEs affecting Uscnanbu Welcart E-commerce
CVESeverityScorePublishedSummary
CVE-2021-4355High7.52023-06-07The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_o…
CVE-2025-0511High7.22025-02-12The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9…
CVE-2025-10649Medium6.52025-10-08The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the cookie in all versions up to, and including, 2.11.21 due to insufficient esc…
CVE-2025-10651Medium5.52025-10-22The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22…
CVE-2025-9367Medium5.52025-09-10The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.11.20 due to insu…
CVE-2025-12979Medium5.32025-11-13The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'usces_export' action in all…
CVE-2021-4375Medium4.32023-06-07The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information()…
CVE-2023-6120Medium4.12023-12-09The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file fu…