VYPR

Welcart

by WordPress

CVEs (5)

  • CVE-2015-7791MedDec 29, 2015
    WordPress
    Welcart
    risk 0.41cvss 6.3epss 0.02

    Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.

  • CVE-2025-12979MedNov 13, 2025
    WordPress
    Welcart
    risk 0.34cvss 5.3epss 0.00

    The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'usces_export' action in all versions up to, and including, 2.11.24. This makes it possible for unauthenticated attackers to access configured…

  • CVE-2015-2973Jul 24, 2015
    WordPress
    Welcart
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3)…

  • CVE-2012-5178Dec 19, 2012
    Welcart
    Welcart Plugin
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase.

  • CVE-2012-5177Dec 19, 2012
    Welcart
    Welcart Plugin
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.