📦 Welcart E Commerce

The Welcart e-Commerce WordPress plugin before version 2.9.5 contains a PHP object injection vulnerability due to unsafe deserialization of user-controlled cookie data. Unauthenticated attackers can e...

Welcart e-Commerce versions 2.11.6 and earlier contain an untrusted data deserialization vulnerability that allows remote unauthenticated attackers to execute arbitrary code. This affects any website ...

The Welcart e-Commerce plugin for WordPress has a stored cross-site scripting (XSS) vulnerability in the 'name' parameter that allows unauthenticated attackers to inject malicious scripts. These scrip...

This SQL injection vulnerability in Welcart e-Commerce allows authenticated users with editor privileges or higher to execute arbitrary SQL commands on the database. It affects versions 2.7 through 2....

This vulnerability in Welcart e-Commerce allows users with editor or higher privileges to upload arbitrary files to unauthorized directories. This could lead to remote code execution or data manipulat...

This vulnerability allows unauthenticated attackers to inject malicious scripts into Welcart e-Commerce plugin pages, which execute in victims' browsers when they visit crafted URLs. It affects WordPr...

Welcart e-Commerce versions before 2.11.2 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. When exploited, these scripts execute in ...