Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 2.8.4).
Lana Codes discovered and reported this Broken Access Control vulnerability in WordPress Welcart e-Commerce Plugin. This vulnerability has been fixed in version 2.8.4.
Commerce plugin <= 2.8.3 Multiple Auth. Stored CrossSite Scripting (XSS) vulnerabilities
Unauth. Directory Traversal vulnerability
Commerce plugin <= 2.2.7 Unauthenticated Information Disclosure vulnerability
Commerce plugin <= 2.2.7 Authenticated System Information Disclosure vulnerability
Commerce plugin <= 2.2.3 CrossSite Scripting (XSS) vulnerability