Product
welcart e commerce
38 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-47511
CVE-2025-27130
CVE-2025-0511
CVE-2024-45366
CVE-2024-42404
CVE-2024-32144
CVE-2023-50847
CVE-2023-6120
CVE-2023-5953
CVE-2023-5952
CVE-2023-5951
CVE-2023-43614
CVE-2023-43610
CVE-2023-43493
CVE-2023-43484
CVE-2023-41962
CVE-2023-41233
CVE-2023-40219
CVE-2021-4375
CVE-2021-4355
CVE-2023-22705
CVE-2022-4655
CVE-2022-4237
CVE-2022-4236
CVE-2022-4140
CVE-2022-3946
CVE-2022-3935
CVE-2022-41840
CVE-2021-20734
CVE-2020-28339
CVE-2016-4828
CVE-2016-4827
CVE-2016-4826
CVE-2016-4825
CVE-2015-7791
CVE-2015-2973
CVE-2014-10017
CVE-2014-10016
< 2.11.14
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in info@welcart Welcart e-Commerce us
<= 2.11.6
Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is
< 2.11.10
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versi
< 2.11.2
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary
< 2.11.2
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alt
< 2.10.0
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9
<= 2.9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commer
< 2.9.7
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via t
< 2.9.5
The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisatio
< 2.9.5
The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users
< 2.9.5
The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the pag
>= 2.7 and <= 2.8.21
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenti
>= 2.7 and <= 2.8.21
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (withou
>= 2.7 and <= 2.8.21
SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher pri
>= 2.7 and <= 2.8.21
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated
>= 2.7 and <= 2.8.21
Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote
>= 2.7 and <= 2.8.21
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a re
>= 2.7 and <= 2.8.21
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthor
<= 2.2.7
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_d
<= 2.2.7
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download
<= 2.8.10
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.
< 2.8.9
The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could al
< 2.8.6
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via va
< 2.8.5
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file
< 2.8.5
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file,
< 2.8.4
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-i
< 2.8.4
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authentic
< 2.7.8
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
all versions
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary scrip
< 1.9.36
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unseria
< 1.8.3
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain acces
< 1.8.3
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attacker
< 1.8.3
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attacker
< 1.8.3
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks an
<= 1.5.2
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authentic
<= 1.4.17
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to in
all versions
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arb
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers t