344 matches found
CVE-2026-49775
Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...
EUVD-2026-36895
Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...
CVE-2026-49775
CVE-2026-49775 affects WordPress Welcart e-Commerce plugin versions
CVE-2026-49775 WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...
CVE-2026-49775 WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...
PT-2026-49345
Name of the Vulnerable Software and Affected Versions Welcart e-Commerce versions prior to 2.11.29 Description Unauthenticated broken access control allows unauthorized users to bypass security restrictions. Recommendations Update to a version newer than 2.11.28...
WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Welcart e-Commerce versions = 2.11.28...
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43484
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43493
SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information...
CVE-2023-40532
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server...
CVE-2025-12979
CVE-2025-12979 describes an unauthorized data exposure vulnerability in the WordPress plug‑in Welcart e-Commerce . A missing capability check on the usces_export action affects all versions up to and including 2.11.24 , allowing unauthenticated attackers to access sensitive data such as configure...
CVE-2025-12979 Welcart e-Commerce <= 2.11.24 - Missing Authorization to Unauthenticated Information Exposure
The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uscesexport' action in all versions up to, and including, 2.11.24. This makes it possible for unauthenticated attackers to access configured payment credentials ex...
WordPress plugin Welcart e-Commerce 安全漏洞
WordPress Welcart e-Commerce Plugin is an e-commerce plugin designed for WordPress to build and manage online stores. WordPress Welcart e-Commerce Plugin suffers from an unauthorized access vulnerability that stems from a lack of capability checking in the uscesexport operation, which can be...
PT-2025-46782
Name of the Vulnerable Software and Affected Versions Welcart e-Commerce plugin for WordPress versions prior to 2.11.25 Description The Welcart e-Commerce plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the usces export action...
WordPress Welcart e-Commerce plugin <= 2.11.24 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by dudekmar - CERT.PL in WordPress Plugin Welcart e-Commerce versions = 2.11.24...
CVE-2025-62953
Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through = 2.11.24...
EUVD-2025-35989
Missing Authorization vulnerability in nanbu Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through = 2.11.24...
CVE-2025-62953
Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through = 2.11.24...