Welcart Welcart_e-commerce
36 CVEs affecting Welcart Welcart_e-commerce. Latest disclosed: 2025-06-09. Critical: 1, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-5952 | Critical | 9.8 | 2023-12-04 | The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Inject… |
| CVE-2025-27130 | High | 8.8 | 2025-04-01 | Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may… |
| CVE-2024-42404 | High | 8.8 | 2024-09-18 | SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in… |
| CVE-2023-5953 | High | 8.8 | 2023-12-04 | The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action… |
| CVE-2023-43610 | High | 8.8 | 2023-09-27 | SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or highe… |
| CVE-2022-4237 | High | 8.8 | 2023-01-02 | The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available… |
| CVE-2023-50847 | High | 7.6 | 2023-12-28 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce. This issue affects Welcart… |
| CVE-2021-4355 | High | 7.5 | 2023-06-07 | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_o… |
| CVE-2022-4140 | High | 7.5 | 2023-01-02 | The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenti… |
| CVE-2022-41840 | High | 7.5 | 2022-11-18 | Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. |
| CVE-2020-28339 | High | 7.5 | 2020-11-07 | The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete… |
| CVE-2025-0511 | High | 7.2 | 2025-02-12 | The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9… |
| CVE-2023-40219 | High | 7.2 | 2023-09-27 | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. |
| CVE-2023-22705 | High | 7.1 | 2023-03-29 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions. |
| CVE-2025-47511 | Medium | 6.8 | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Path Traversa… |
| CVE-2022-4236 | Medium | 6.5 | 2023-01-02 | The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available… |
| CVE-2022-3946 | Medium | 6.5 | 2022-12-12 | The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and… |
| CVE-2016-4828 | Medium | 6.5 | 2016-06-25 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of… |
| CVE-2015-7791 | Medium | 6.3 | 2015-12-29 | Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitra… |
| CVE-2024-45366 | Medium | 6.1 | 2024-09-18 | Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on th… |