Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Welcart e-Commerce — Vulnerabilities & Security Advisories 37

All 37 CVE vulnerabilities found in Welcart e-Commerce, with AI-generated Chinese analysis, references, and POCs.

Vendor: Collne Inc.

CVE IDTitleCVSSSeverityPublished
CVE-2025-12979 Welcart e-Commerce <= 2.11.24 - Missing Authorization to Unauthenticated Information Exposure CWE-862 5.3 Medium2025-11-13
CVE-2025-62953 WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability CWE-862 4.3 Medium2025-10-27
CVE-2025-10651 Welcart e-Commerce <= 2.11.22 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail CWE-79 5.5 Medium2025-10-22
CVE-2025-10649 Welcart e-Commerce <= 2.11.21 - Authenticated (Author+) SQL Injection via Cookie CWE-89 6.5 Medium2025-10-08
CVE-2025-9367 Welcart e-Commerce <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting CWE-79 5.5 Medium2025-09-10
CVE-2025-58984 WordPress Welcart e-Commerce Plugin <= 2.11.20 - Cross Site Scripting (XSS) Vulnerability CWE-79 5.9 Medium2025-09-09
CVE-2025-54012 WordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection Vulnerability CWE-502 7.2 High2025-08-20
CVE-2025-54013 WordPress Welcart e-Commerce plugin <= 2.11.16 - Cross Site Scripting (XSS) Vulnerability CWE-79 5.9 Medium2025-07-16
CVE-2025-47511 WordPress Welcart e-Commerce plugin <= 2.11.13 - Arbitrary File Deletion Vulnerability CWE-22 6.8 Medium2025-06-09
CVE-2025-27130 Welcart e-Commerce 代码问题漏洞 CWE-502 9.8 -2025-04-01
CVE-2025-0511 Welcart e-Commerce <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via name Parameter CWE-79 7.2 High2025-02-12
CVE-2024-45366 WordPress plugin Welcart e-Commerce 安全漏洞 6.1AIMediumAI2024-09-18
CVE-2024-42404 WordPress plugin Welcart e-Commerce 安全漏洞 8.1AIHighAI2024-09-18
CVE-2024-32144 WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability CWE-862 5.4 Medium2024-06-11
CVE-2023-50847 WordPress Welcart e-Commerce Plugin <= 2.9.3 is vulnerable to SQL Injection CWE-89 7.6 High2023-12-28
CVE-2023-6120 Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal CWE-22 4.1 Medium2023-12-09
CVE-2023-5951 Welcart e-Commerce < 2.9.5 - Reflected XSS 6.1AIMediumAI2023-12-04
CVE-2023-5953 Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload 8.8AIHighAI2023-12-04
CVE-2023-5952 Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection 9.8AICriticalAI2023-12-04
CVE-2023-43614 WordPress Plugin Welcart e-Commerce 跨站脚本漏洞 6.1 -2023-09-26
CVE-2023-43610 WordPress Plugin Welcart e-Commerce SQL注入漏洞 8.8 -2023-09-26
CVE-2023-43493 WordPress Plugin Welcart e-Commerce SQL注入漏洞 6.5 -2023-09-26
CVE-2023-43484 WordPress Plugin Welcart e-Commerce 跨站脚本漏洞 6.1 -2023-09-26
CVE-2023-41962 WordPress plugin Welcart e-Commerce 安全漏洞 6.1 -2023-09-26
CVE-2023-41233 WordPress plugin Welcart e-Commerce 跨站脚本漏洞 6.1 -2023-09-26
CVE-2023-40532 WordPress plugin Welcart e-Commerce 路径遍历漏洞 4.3 -2023-09-26
CVE-2023-40219 WordPress plugin Welcart e-Commerce 代码问题漏洞 8.8 -2023-09-26
CVE-2021-4375 Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure CWE-862 4.3 Medium2023-06-07
CVE-2021-4355 Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure CWE-862 7.5 High2023-06-07
CVE-2023-22705 WordPress Welcart e-Commerce Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2023-03-29

All 37 known CVE vulnerabilities affecting Welcart e-Commerce with full Chinese analysis, references, and POCs where available.