Welcart e-Commerce
info@welcart
Developer
2.11.25
Latest version
20,000
Installations
Nov 12, 2025
Last updated
Vulnerability history
0 present
28 fixed
18 Mitigation rules
- Missing Authorization to Unauthenticated Information Exposure vulnerability<= 2.11.24Nov 12, 2025
- Authenticated (Editor+) Stored Cross-Site Scripting via order_mail vulnerability<= 2.11.22Oct 21, 2025
- Broken Access Control vulnerability<= 2.11.24Oct 14, 2025
- Authenticated (Author+) SQL Injection via Cookie vulnerability<= 2.11.21Oct 8, 2025
- Cross Site Scripting (XSS) Vulnerability<= 2.11.20Sep 9, 2025
- PHP Object Injection Vulnerability<= 2.11.16Aug 12, 2025
- Cross Site Scripting (XSS) Vulnerability<= 2.11.16Jul 16, 2025
- Arbitrary File Deletion Vulnerability<= 2.11.13Jun 3, 2025
- Unauthenticated Stored Cross-Site Scripting via name Parameter vulnerability<= 2.11.9Feb 11, 2025
- Broken Access Control + CSRF vulnerability<= 2.9.14Apr 12, 2024
- SQL Injection vulnerability<= 2.9.3Dec 21, 2023
- Authenticated (Administrator+) Directory Traversal vulnerability<= 2.9.6Dec 11, 2023
- Authenticated (Administrator+) PHP Object Injection vulnerability< 2.9.6Nov 15, 2023
- Authenticated (Subscriber+) Arbitrary File Upload vulnerability<= 2.9.4Nov 14, 2023
- Authenticated(level_5+) SQL Injection via get_logs vulnerability< 2.8.22Sep 15, 2023
- Cross Site Scripting (XSS) vulnerability<= 2.8.10Jan 27, 2023
- Contributor+ Stored XSS via Shortcode vulnerability< 2.8.9Dec 26, 2022
- Unauth. Arbitrary File Access vulnerability< 2.8.5Dec 5, 2022
- Auth. PHAR Deserialization vulnerability< 2.8.5Dec 5, 2022
- Auth. Arbitrary File Access vulnerability< 2.8.5Dec 5, 2022
- Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability<= 2.8.3Nov 21, 2022
- Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities<= 2.8.3Nov 21, 2022
- Unauth. Directory Traversal vulnerability<= 2.7.7Oct 20, 2022
- Unauthenticated Information Disclosure vulnerability<= 2.2.7Aug 6, 2021
- Authenticated System Information Disclosure vulnerability<= 2.2.7Aug 6, 2021
- Cross-Site Scripting (XSS) vulnerability<= 2.2.3Jun 11, 2021
- SQL injection (SQLi) vulnerability<= 2.0.0Feb 9, 2021
- Authenticated PHP Object Injection vulnerability<= 1.9.35Nov 5, 2020