4 matches found
CVE-2025-10649
The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the cookie in all versions up to, and including, 2.11.21 due to insufficient escaping on the user supplied value and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
CVE-2025-10649
CVE-2025-10649 : Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via cookie in versions up to 2.11.21. Attack requires authenticated access at Author+ level and can lead to extraction of sensitive data due to insufficient escaping and weak query prep. Remediation per PT-202...
PT-2025-41247
Name of the Vulnerable Software and Affected Versions Welcart e-Commerce plugin for WordPress versions through 2.11.21 Description The Welcart e-Commerce plugin for WordPress is susceptible to SQL Injection through the cookie. Insufficient escaping of user-supplied values and inadequate preparati...
WordPress plugin Welcart e-Commerce SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...