4 matches found
CVE-2025-10651 Welcart e-Commerce <= 2.11.22 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ordermail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the ordermail field and a lack of escaping on output. This makes it possible for authenticate...
CVE-2025-10651 Welcart e-Commerce <= 2.11.22 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ordermail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the ordermail field and a lack of escaping on output. This makes it possible for authenticate...
EUVD-2025-35353
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ordermail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the ordermail field and a lack of escaping on output. This makes it possible for authenticate...
WordPress plugin Welcart e-Commerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...