15 matches found
CVE-2025-12979 Welcart e-Commerce <= 2.11.24 - Missing Authorization to Unauthenticated Information Exposure
The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uscesexport' action in all versions up to, and including, 2.11.24. This makes it possible for unauthenticated attackers to access configured payment credentials ex...
CVE-2025-62953 WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through = 2.11.24...
CVE-2025-54012
Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection.This issue affects Welcart e-Commerce: from n/a through = 2.11.16...
CVE-2025-54012
Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection.This issue affects Welcart e-Commerce: from n/a through = 2.11.16...
VulnCheck KEV: CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
Path traversal
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server...
WordPress plugin Welcart e-Commerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Welcart eCommerce directory traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Welcart eCommerce 2.7.7 and earlier versions are vulnerable to a directory traversal vulnerability,...
CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
Directory traversal
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
CVE-2022-41840 WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
CVE-2022-41840 WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
CVE-2022-41840
Welcart eCommerce WordPress plugin = 2.7.8) or apply the patch referenced by Patchstack. Note: The Nuclei template confirms unauthenticated local file inclusion; no further exploit details are provided in the available documents. If exploitation activity is observed in the wild, refer to the patc...
WordPress plugin Welcart eCommerce 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Welcart eCommerce 2.7.7 and earlier versions are vulnerable to a directory traversal vulnerability,...
Welcart eCommerce < 2.7.8 - Unauthenticated Arbitrary File Access
The plugin does not validate user input used in a path, which could allow unauthenticated users to read arbitrary files via a traversal attack...