Welcart E-commerce Security Vulnerabilities and Issues — Welcart E-commerce CVE List

Lucene search

WelcartWelcart E-commerce

3 matches found

CVE•added 2025/04/01 9:15 a.m.•75 views

CVE-2025-27130

Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product.

8.8CVSS7.7AI score0.00177EPSS

CVE•added 2025/02/12 12:15 p.m.•46 views

CVE-2025-0511

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scr...

7.2CVSS6.2AI score0.00251EPSS

CVE•added 2025/06/09 4:15 p.m.•36 views

CVE-2025-47511

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through 2.11.13.

6.8CVSS6.9AI score0.00063EPSS