CVE Tools

welcart

Web & CMS Pluginscommercial

26

Cumulative CVEs

8

Monthly snapshots

#45

Peak rank

Top products

welcart e-commerce5

Latest CVEs

The 15 most recently published vulnerabilities affecting welcart.

CVE-2025-47511WordPress Welcart e-Commerce plugin <= 2.11.13 - Arbitrary File Deletion Vulnerability6.8Jun 9, 2025
CVE-2025-27130Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticat...8.8Apr 1, 2025
CVE-2025-0511Welcart e-Commerce <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via name Parameter7.2Feb 12, 2025
CVE-2024-45366Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.6.1Sep 18, 2024
CVE-2024-42404SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.8.8Sep 18, 2024
CVE-2024-32144WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability5.4Jun 11, 2024
CVE-2023-50847WordPress Welcart e-Commerce Plugin <= 2.9.3 is vulnerable to SQL Injection7.6Dec 28, 2023
CVE-2023-6120Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal4.1Dec 9, 2023
CVE-2023-5951Welcart e-Commerce < 2.9.5 - Reflected XSS6.1Dec 4, 2023
CVE-2023-5953Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload8.8Dec 4, 2023
CVE-2023-5952Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection9.8Dec 4, 2023
CVE-2023-43614Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.6.1Sep 26, 2023
CVE-2023-43610SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended data...8.8Sep 26, 2023
CVE-2023-43493SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information.4.9Sep 26, 2023
CVE-2023-43484Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.6.1Sep 26, 2023