Medium severity5.3NVD Advisory· Published Nov 13, 2025· Updated Apr 15, 2026
CVE-2025-12979
CVE-2025-12979
Description
The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'usces_export' action in all versions up to, and including, 2.11.24. This makes it possible for unauthenticated attackers to access configured payment credentials (ex. PayPal api secret) , as well as business contact details, mail templates, and other operational settings tied to the store.
Affected products
2- Range: <=2.11.24
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.