Welcart E-commerce Security Vulnerabilities and Issues — Welcart E-commerce CVE List

Lucene search

WelcartWelcart E-commerce

6 matches found

CVE•added 2023/01/02 10:15 p.m.•66 views

CVE-2022-4140

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server

7.5CVSS7.5AI score0.69047EPSS

CVE•added 2025/02/12 12:15 p.m.•46 views

CVE-2025-0511

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scr...

7.2CVSS6.2AI score0.00251EPSS

CVE•added 2023/03/29 8:15 p.m.•35 views

CVE-2023-22705

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin

7.1CVSS6AI score0.00083EPSS

CVE•added 2023/12/28 7:15 p.m.•35 views

CVE-2023-50847

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.3.

7.6CVSS7.6AI score0.00291EPSS

CVE•added 2023/06/07 2:15 a.m.•33 views

CVE-2021-4355

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible...

7.5CVSS5.2AI score0.0083EPSS

CVE•added 2023/09/27 3:19 p.m.•30 views

CVE-2023-40219

Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.

7.2CVSS7.2AI score0.00457EPSS