Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/10/09 1:27 p.m.10 views

CVE-2025-10649

The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the cookie in all versions up to, and including, 2.11.21 due to insufficient escaping on the user supplied value and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

6.5CVSS6.6AI score0.00252EPSS
Exploits0References1
CVE
CVE
added 2025/10/08 11:16 a.m.17 views

CVE-2025-10649

CVE-2025-10649 : Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via cookie in versions up to 2.11.21. Attack requires authenticated access at Author+ level and can lead to extraction of sensitive data due to insufficient escaping and weak query prep. Remediation per PT-202...

6.5CVSS6.2AI score0.00252EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.10 views

PT-2025-41247

Name of the Vulnerable Software and Affected Versions Welcart e-Commerce plugin for WordPress versions through 2.11.21 Description The Welcart e-Commerce plugin for WordPress is susceptible to SQL Injection through the cookie. Insufficient escaping of user-supplied values and inadequate preparati...

6.5CVSS6.9AI score0.00252EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.6 views

WordPress plugin Welcart e-Commerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

6.5CVSS7.6AI score0.00252EPSS
Exploits0References2
Rows per page
Query Builder