E Commerce
by Welcart
CVEs (36)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0511 | | | 0.00 | — | 0.00 | | Feb 12, 2025 | The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to… |
| CVE-2024-45366 | | | 0.00 | — | 0.00 | | Sep 18, 2024 | Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. |
| CVE-2024-42404 | | | 0.00 | — | 0.00 | | Sep 18, 2024 | SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database. |
| CVE-2024-32144 | | | 0.00 | — | 0.00 | | Jun 11, 2024 | Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.14. |
| CVE-2023-43614 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-43610 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations. |
| CVE-2023-43493 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. |
| CVE-2023-43484 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-41962 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. |
| CVE-2023-41233 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-40532 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. |
| CVE-2023-40219 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. |
| CVE-2021-20734 | | | 0.00 | — | 0.01 | | Jun 22, 2021 | Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. |
| CVE-2015-2973 | | | 0.00 | — | 0.02 | | Jul 24, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3)… |
| CVE-2014-10017 | | | 0.00 | — | 0.02 | | Jan 13, 2015 | Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. |
| CVE-2014-10016 | | | 0.00 | — | 0.02 | | Jan 13, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time… |