CVE-2025-62953 WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through = 2.11.24...

WordPress Welcart e-Commerce plugin <= 2.11.16 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by 63n0 in WordPress Plugin Welcart e-Commerce versions = 2.11.16...

WordPress Welcart e-Commerce plugin <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via name Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via name Parameter vulnerability discovered by shaman0x01 in WordPress Plugin Welcart e-Commerce versions = 2.11.9...

WordPress Friendly Functions for Welcart Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Friendly Functions for Welcart Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10726 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b139992aab4f Credits vg...

WordPress Welcart plugin SQL injection vulnerability (CNVD-2015-08468)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites on PHP and MySQL servers.Welcart is one of the plug-ins used to create shopping sites. A SQL injection vulnerability exists in WordPress Welcart...

WordPress Welcart plugin cross-site scripting vulnerability (CNVD-2015-05021)

WordPress is a set of WordPress Software Foundation blogging platform developed using the PHP language, the platform supports in PHP and MySQL servers to set up a personal blog site.Welcart is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in versions of the WordPress...

WordPress Welcart Plugin <= 1.4.17 - Multiple XSS

These vulnerabilities allow the attackers to inject arbitrary web script or HTML via the "uscesreferer" parameter to: includes/edit-form-advanced.php, includes/edit-form-advanced34.php, classes/usceshop.class.php, includes/membereditform.php, includes/orderlist.php, includes/ordereditform.php,...