Vulnerabilities > Welcart

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-12	CVE-2025-0511	Cross-site Scripting vulnerability in Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. network low complexity welcart CWE-79	6.1
2024-06-11	CVE-2024-32144	Unspecified vulnerability in Welcart E-Commerce Missing Authorization vulnerability in Welcart Inc. network low complexity welcart	4.3
2023-12-28	CVE-2023-50847	SQL Injection vulnerability in Welcart E-Commerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. network low complexity welcart CWE-89	7.2
2023-12-09	CVE-2023-6120	Path Traversal vulnerability in Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. network low complexity welcart CWE-22	2.7
2023-12-04	CVE-2023-5951	Cross-site Scripting vulnerability in Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin network low complexity welcart CWE-79	6.1
2023-12-04	CVE-2023-5952	Unspecified vulnerability in Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog network low complexity welcart critical	9.8
2023-12-04	CVE-2023-5953	Unrestricted Upload of File with Dangerous Type vulnerability in Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. network low complexity welcart CWE-434	8.8
2023-09-27	CVE-2023-40219	Unrestricted Upload of File with Dangerous Type vulnerability in Welcart E-Commerce Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. network low complexity welcart CWE-434	7.2
2023-09-27	CVE-2023-41233	Cross-site Scripting vulnerability in Welcart E-Commerce Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. network low complexity welcart CWE-79	6.1
2023-09-27	CVE-2023-41962	Cross-site Scripting vulnerability in Welcart E-Commerce Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. network low complexity welcart CWE-79	6.1

Vulnerabilities > Welcart {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Welcart"}]}

Vulnerabilities > Welcart