Welcart Welcart_e-commerce

36 CVEs affecting Welcart Welcart_e-commerce. Latest disclosed: 2025-06-09. Critical: 1, High: 13.

Top CVEs affecting Welcart Welcart_e-commerce
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-5952 | Critical | 9.8 | 2023-12-04 | The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Inject… |
| CVE-2025-27130 | High | 8.8 | 2025-04-01 | Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may… |
| CVE-2024-42404 | High | 8.8 | 2024-09-18 | SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in… |
| CVE-2023-5953 | High | 8.8 | 2023-12-04 | The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action… |
| CVE-2023-43610 | High | 8.8 | 2023-09-27 | SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or highe… |
| CVE-2022-4237 | High | 8.8 | 2023-01-02 | The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available… |
| CVE-2023-50847 | High | 7.6 | 2023-12-28 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce. This issue affects Welcart… |
| CVE-2021-4355 | High | 7.5 | 2023-06-07 | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_o… |
| CVE-2022-4140 | High | 7.5 | 2023-01-02 | The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenti… |
| CVE-2022-41840 | High | 7.5 | 2022-11-18 | Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. |
| CVE-2020-28339 | High | 7.5 | 2020-11-07 | The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete… |
| CVE-2025-0511 | High | 7.2 | 2025-02-12 | The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9… |
| CVE-2023-40219 | High | 7.2 | 2023-09-27 | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. |
| CVE-2023-22705 | High | 7.1 | 2023-03-29 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions. |
| CVE-2025-47511 | Medium | 6.8 | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Path Traversa… |
| CVE-2022-4236 | Medium | 6.5 | 2023-01-02 | The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available… |
| CVE-2022-3946 | Medium | 6.5 | 2022-12-12 | The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and… |
| CVE-2016-4828 | Medium | 6.5 | 2016-06-25 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of… |
| CVE-2015-7791 | Medium | 6.3 | 2015-12-29 | Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitra… |
| CVE-2024-45366 | Medium | 6.1 | 2024-09-18 | Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on th… |