Welcart

Welcart E-commerce

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-47511

  • EPSS 0.05%
  • Veröffentlicht 09.06.2025 15:54:10
  • Zuletzt bearbeitet 25.06.2025 19:42:49

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through 2.11.13.

8.8

CVE-2025-27130

  • EPSS 0.4%
  • Veröffentlicht 01.04.2025 09:15:15
  • Zuletzt bearbeitet 08.07.2025 17:09:54

Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the...

6.1

CVE-2025-0511

  • EPSS 0.81%
  • Veröffentlicht 12.02.2025 12:15:29
  • Zuletzt bearbeitet 20.02.2025 20:35:03

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unau...

6.1

CVE-2024-45366

  • EPSS 0.19%
  • Veröffentlicht 18.09.2024 06:15:02
  • Zuletzt bearbeitet 10.07.2025 13:21:56

Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.

8.8

CVE-2024-42404

  • EPSS 0.43%
  • Veröffentlicht 18.09.2024 06:15:02
  • Zuletzt bearbeitet 10.07.2025 13:22:05

SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.

4.3

CVE-2024-32144

  • EPSS 0.07%
  • Veröffentlicht 11.06.2024 16:15:27
  • Zuletzt bearbeitet 21.11.2024 09:14:32

Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.

7.2

CVE-2023-50847

  • EPSS 0.29%
  • Veröffentlicht 28.12.2023 19:15:15
  • Zuletzt bearbeitet 20.02.2025 18:34:50

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.3.

2.7

CVE-2023-6120

  • EPSS 0.13%
  • Veröffentlicht 09.12.2023 07:15:08
  • Zuletzt bearbeitet 20.02.2025 18:34:50

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary...

8.8

CVE-2023-5953

Exploit
  • EPSS 0.23%
  • Veröffentlicht 04.12.2023 22:15:08
  • Zuletzt bearbeitet 29.05.2025 14:15:33

The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload...

6.1

CVE-2023-5951

Exploit
  • EPSS 0.28%
  • Veröffentlicht 04.12.2023 22:15:08
  • Zuletzt bearbeitet 20.02.2025 18:32:30

The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin