WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Welcart e-Commerce versions = 2.11.28...

WordPress Friendly Functions for Welcart plugin <= 1.2.5 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Kai Aizen in WordPress Plugin Friendly Functions for Welcart versions = 1.2.5...

CVE-2026-1208

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

CVE-2026-1208

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

CVE-2026-1208 Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery to Settings Update

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

CVE-2026-1208

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

CVE-2026-1208

The CVE-2026-1208 entry concerns the WordPress plugin Friendly Functions for Welcart (versions up to and including 1.2.5). The vulnerability is a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation on the plugin settings page, allowing unauthenticated attackers ...

CVE-2026-1208 Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery to Settings Update

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

PT-2026-4605

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

WordPress Plugin Friendly Functions for Welcart – Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Exploit for CVE-2026-1208

CVE-2026-1208: Cross-Site Request Forgery in Friendly Function...

CVE-2023-43610

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...

CVE-2023-43614

Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

CVE-2023-43484

Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

CVE-2023-43493

SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information...

CVE-2023-40532

Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server...

WordPress Welcart e-Commerce plugin <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Miguel Santareno in WordPress Plugin Welcart e-Commerce versions = 2.11.20...

WordPress Welcart e-Commerce Plugin Unauthorized Access Vulnerability

WordPress Welcart e-Commerce Plugin is an e-commerce plugin designed for WordPress to build and manage online stores. WordPress Welcart e-Commerce Plugin suffers from an unauthorized access vulnerability that stems from a lack of capability checking in the uscesexport operation, which can be...

CVE-2025-12979

The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uscesexport' action in all versions up to, and including, 2.11.24. This makes it possible for unauthenticated attackers to access configured payment credentials ex...

CVE-2025-12979

The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uscesexport' action in all versions up to, and including, 2.11.24. This makes it possible for unauthenticated attackers to access configured payment credentials ex...