Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 2.7.8).
Tien Nguyen Anh discovered and reported this Directory Traversal vulnerability in WordPress Welcart e-Commerce Plugin. This could allow a malicious actor to see all files in a given directory or determine if certain files/directories exist in given folder. This can be used to exploit other weaknesses in the system This vulnerability has been fixed in version 2.7.8.
Commerce plugin <= 2.8.10 Cross Site Scripting (XSS) vulnerability
7 days ago
Contributor+ Stored XSS via Shortcode vulnerability
Commerce plugin < 2.8.5 Unauth. Arbitrary File Access vulnerability
Commerce plugin < 2.8.5 Auth. PHAR Deserialization vulnerability
Commerce plugin < 2.8.5 Auth. Arbitrary File Access vulnerability
Commerce plugin <= 2.8.3 Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability