VYPR

E Commerce

by Welcart

CVEs (36)

  • CVE-2025-0511 | Feb 12, 2025
    risk 0.00 | cvss | epss 0.00

    The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2024-45366 | Sep 18, 2024
    risk 0.00 | cvss | epss 0.00

    Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.

  • CVE-2024-42404 | Sep 18, 2024
    risk 0.00 | cvss | epss 0.00

    SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.

  • CVE-2024-32144 | Jun 11, 2024
    risk 0.00 | cvss | epss 0.00

    Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.14.

  • CVE-2023-43614 | Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.

  • CVE-2023-43610 | Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.

  • CVE-2023-43493 | Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information.

  • CVE-2023-43484 | Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.

  • CVE-2023-41962 | Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.

  • CVE-2023-41233 | Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.

  • CVE-2023-40532 | Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.

  • CVE-2023-40219 | Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.

  • CVE-2021-20734 | Jun 22, 2021
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

  • CVE-2015-2973 | Jul 24, 2015
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3)…

  • CVE-2014-10017 | Jan 13, 2015
    risk 0.00 | cvss | epss 0.02

    Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.

  • CVE-2014-10016 | Jan 13, 2015
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time…
