15 matches found
CVE-2025-12979 Welcart e-Commerce <= 2.11.24 - Missing Authorization to Unauthenticated Information Exposure
The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uscesexport' action in all versions up to, and including, 2.11.24. This makes it possible for unauthenticated attackers to access configured payment credentials ex...
CVE-2025-62953 WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through = 2.11.24...
CVE-2025-54012
Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection.This issue affects Welcart e-Commerce: from n/a through = 2.11.16...
CVE-2025-54012
Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection.This issue affects Welcart e-Commerce: from n/a through = 2.11.16...
VulnCheck KEV: CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
Path traversal
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server...
WordPress plugin Welcart e-Commerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Welcart eCommerce directory traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Welcart eCommerce 2.7.7 and earlier versions are vulnerable to a directory traversal vulnerability,...
CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
Directory traversal
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
CVE-2022-41840 WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
CVE-2022-41840
Welcart eCommerce WordPress plugin = 2.7.8) or apply the patch referenced by Patchstack. Note: The Nuclei template confirms unauthenticated local file inclusion; no further exploit details are provided in the available documents. If exploitation activity is observed in the wild, refer to the patc...
CVE-2022-41840 WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
WordPress plugin Welcart eCommerce 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Welcart eCommerce 2.7.7 and earlier versions are vulnerable to a directory traversal vulnerability,...
Welcart eCommerce < 2.7.8 - Unauthenticated Arbitrary File Access
The plugin does not validate user input used in a path, which could allow unauthenticated users to read arbitrary files via a traversal attack...