10 matches found
WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access
WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or...
Welcart eCommerce <=2.7.7 - Local File Inclusion
Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. id: CVE-2022-41840 info: name: Welcart eCommerce =2.7.8 or apply the provided patch to fix the LFI vulnerability. reference: -...
CVE-2025-62953
Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Welcart e-Commerce: from n/a through = 2.11.24...
EUVD-2025-35989
Missing Authorization vulnerability in nanbu Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Welcart e-Commerce: from n/a through = 2.11.24...
CVE-2025-62953
Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Welcart e-Commerce: from n/a through = 2.11.24...
PT-2025-43828
Missing Authorization vulnerability in nanbu Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Welcart e-Commerce: from n/a through = 2.11.24...
CVE-2020-28339
The usc-e-shop aka Collne Welcart e-Commerce plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain...
Design/Logic Flaw
The usc-e-shop aka Collne Welcart e-Commerce plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain...
CVE-2020-28339
CVE-2020-28339 affects the WordPress plugin Welcart e-Commerce (usc-e-shop) up to version 1.9.36. The issue is an authenticated PHP Object Injection via usces_unserialize, with the CVE description noting there is not a complete POP chain. Affected: plugin in WordPress; root cause: object injectio...
Welcart e-Commerce usc-e-shop.1.3.12 XSS / SQL Injection
============================================================== Title ...| SQL Injection in Welcart e-Commerce Version .| usc-e-shop.1.3.12 Date ....| 3.03.2014 Found ...| HauntIT Blog Home ....| http://wordpress.org/plugins/ ==============================================================...