Welcart E Commerce
Monthly
Unauthenticated broken access control in the Welcart e-Commerce WordPress plugin (versions up to and including 2.11.28) permits remote attackers without any credentials to bypass authorization checks and perform restricted actions. Rooted in CWE-862 (Missing Authorization), the flaw exposes low-severity but tangible integrity and availability impacts against any WordPress installation running the affected plugin. No public exploit code has been identified at the time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Unauthenticated broken access control in the Welcart e-Commerce WordPress plugin (versions up to and including 2.11.28) permits remote attackers without any credentials to bypass authorization checks and perform restricted actions. Rooted in CWE-862 (Missing Authorization), the flaw exposes low-severity but tangible integrity and availability impacts against any WordPress installation running the affected plugin. No public exploit code has been identified at the time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.