N/A
2025-09-09< 2.11.21
Welcart e-Commerce <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting
Welcart e-Commerce
Minimum safe version
2.11.25
Update to 2.11.25 or later to address 64 fixable vulnerabilities
Latest available2.11.28 ✓Affected up to2.8.21 ⚠
Medium 5.3
2025-11-13< 2.11.25
CVE-2025-12979
Medium 4.3
2025-10-27< 2.11.25
CVE-2025-62953
Medium 5.5
2025-10-22< 2.11.23
CVE-2025-10651
Medium 6.5
2025-10-08< 2.11.22
CVE-2025-10649
Medium 5.9
2025-09-09< 2.11.21
CVE-2025-58984
High 7.2
2025-08-20< 2.11.17
CVE-2025-54012
Medium 5.9
2025-07-16< 2.11.17
CVE-2025-54013
Medium 6.5
2025-06-09< 2.11.14
CVE-2025-47511
N/A
2025-04-01< 2.11.12
WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization
High 7.2
2025-02-12< 2.11.10
WordPress Welcart e-Commerce Plugin <= 2.11.9 is vulnerable to Cross Site Scripting (XSS)
Medium 6.1
2024-09-18< 2.11.2
CVE-2024-45366
High 8.8
2024-09-18< 2.11.2
CVE-2024-42404
N/A
< 2.9.6
Welcart e-Commerce < 2.9.6 - Admin+ PHP Object Injection
N/A
< 2.9.5
Welcart e-Commerce < 2.9.5 - Cross-Site Request Forgery
Medium 4.3
2024-06-11< 2.10.0
CVE-2024-32144
High 7.6
2024-12-21< 2.9.4
WordPress Welcart e-Commerce Plugin <= 2.9.3 is vulnerable to SQL Injection
Low 2.7
2023-12-11< 2.9.7
WordPress Welcart e-Commerce Plugin <= 2.9.6 is vulnerable to Path Traversal
High 8.8
2023-12-04< 2.9.5
CVE-2023-5953
Medium 6.1
2023-12-04< 2.9.5
CVE-2023-5951
Critical 9.8
2023-12-04< 2.9.5
CVE-2023-5952
N/A
2023-11-15< 2.9.6
WordPress Welcart e-Commerce Plugin < 2.9.6 is vulnerable to PHP Object Injection
N/A
2023-11-14< 2.9.5
WordPress Welcart e-Commerce Plugin <= 2.9.4 is vulnerable to Arbitrary File Upload
N/A
2023-11-15< 2.9.6
Welcart e-Commerce <= 2.9.5 - Authenticated (Administrator+) PHP Object Injection
N/A
2023-11-14< 2.9.5
Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload
N/A
2023-11-14< 2.9.5
Welcart e-Commerce <= 2.9.4 - Cross-Site Request Forgery
High 7.2
2023-09-26≥ 2.7 and ≤ 2.8.21
CVE-2023-40219
N/A
2023-09-15< 2.8.22
WordPress Welcart e-Commerce Plugin < 2.8.22 is vulnerable to SQL Injection
N/A
2023-09-14< 2.8.22
Welcart e-Commerce <= 2.8.21 - Authenticated(level_5+) SQL Injection via get_logs
Medium 4.3
2023-06-07< 2.2.8
CVE-2021-4375
Medium 5.3
2023-06-07< 2.2.8
CVE-2021-4355
N/A
2023-01-17≥ 2.6.0 and ≤ 2.8.5
WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal
High 7.1
2023-03-29< 2.8.11
CVE-2023-22705
Medium 5.4
2023-01-16< 2.8.9
CVE-2022-4655
N/A
< 1.5
Welcart e-Commerce 1.3.12 - DOM Cross-Site Scripting (XSS)
N/A
< 1.8.3
wpscan.com
N/A
< 2.1.1
Welcart e-Commerce < 2.1.1 - Authenticated SQL Injection
N/A
< 2.2.8
Welcart e-Commerce < 2.2.8 - Unauthenticated Information Disclosure
N/A
< 2.2.8
Welcart e-Commerce < 2.2.8 - Authenticated System Information Disclosure
N/A
2021-02-08< 2.1.1
Welcart e-Commerce <= 2.1.0 - SQL Injection
N/A
2021-08-06< 2.2.8
Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure
N/A
2021-08-06< 2.2.8
Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure
N/A
2022-11-16< 2.8.4
Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery
N/A
2022-11-28< 2.8.4
Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery
High 7.5
2023-12-05< 2.8.5
WordPress Welcart e-Commerce Plugin < 2.8.5 is vulnerable to Path Traversal
Medium 6.5
2023-12-05< 2.8.5
WordPress Welcart e-Commerce Plugin < 2.8.5 is vulnerable to Arbitrary File Download
High 8.8
2023-12-05< 2.8.6
WordPress Welcart e-Commerce Plugin < 2.8.5 is vulnerable to Deserialization of untrusted data
Medium 5.4
2022-12-12< 2.8.4
CVE-2022-3935
Medium 6.5
2022-12-12< 2.8.4
CVE-2022-3946
High 7.5
2022-11-18< 2.7.8
CVE-2022-41840
N/A
2015-07-25< 1.1
WordPress Welcart E-Commerce Plugin - Multiple Vulnerabilities
N/A
2021-02-09< 2.0.1
WordPress Welcart e-Commerce plugin <= 2.0.0 - SQL injection (SQLi) vulnerability
N/A
2021-08-06< 2.2.8
WordPress Welcart e-Commerce plugin <= 2.2.7 - Authenticated System Information Disclosure vulnerability
N/A
2021-08-06< 2.2.8
WordPress Welcart e-Commerce plugin <= 2.2.7 - Unauthenticated Information Disclosure vulnerability
Medium 6.1
2025-10-03< 2.2.4
CVE-2021-20734
N/A
2012-12-19< 1.2.2
CVE-2012-5178
N/A
2012-12-19< 1.2.2
CVE-2012-5177
N/A
2015-07-24< 1.5
Welcart vulnerable to SQL injection
N/A
2015-01-13< 1.5
CVE-2014-10016
N/A
2015-07-24< 1.4.18
CVE-2015-2973
Medium 6.3
2015-12-29< 1.5.3
CVE-2015-7791
Medium 6.1
2016-06-25< 1.8.3
CVE-2016-4827
Medium 6.5
2016-06-25< 1.8.3
CVE-2016-4828
Medium 6.1
2016-06-25< 1.8.3
CVE-2016-4826
Medium 5.6
2016-06-25< 1.8.3
CVE-2016-4825
High 8.8
2020-11-07< 1.9.36
CVE-2020-28339