Welcart e-Commerce
info@welcart
Developer
2.11.28
Latest version
10,000
Installations
No date
Last updated
Vulnerability history
0 present
29 patched
18 Mitigation rules
- Authenticated (Editor+) Stored Cross-Site Scripting vulnerability<= 2.11.2031/12/2025
- Missing Authorization to Unauthenticated Information Exposure vulnerability<= 2.11.2412/11/2025
- Authenticated (Editor+) Stored Cross-Site Scripting via order_mail vulnerability<= 2.11.2221/10/2025
- Broken Access Control vulnerability<= 2.11.2414/10/2025
- Authenticated (Author+) SQL Injection via Cookie vulnerability<= 2.11.2108/10/2025
- Cross Site Scripting (XSS) Vulnerability<= 2.11.2009/09/2025
- PHP Object Injection Vulnerability<= 2.11.1612/08/2025
- Cross Site Scripting (XSS) Vulnerability<= 2.11.1616/07/2025
- Arbitrary File Deletion Vulnerability<= 2.11.1303/06/2025
- Unauthenticated Stored Cross-Site Scripting via name Parameter vulnerability<= 2.11.911/02/2025
- Broken Access Control + CSRF vulnerability<= 2.9.1412/04/2024
- SQL Injection vulnerability<= 2.9.321/12/2023
- Authenticated (Administrator+) Directory Traversal vulnerability<= 2.9.611/12/2023
- Authenticated (Administrator+) PHP Object Injection vulnerability< 2.9.615/11/2023
- Authenticated (Subscriber+) Arbitrary File Upload vulnerability<= 2.9.414/11/2023
- Authenticated(level_5+) SQL Injection via get_logs vulnerability< 2.8.2215/09/2023
- Cross Site Scripting (XSS) vulnerability<= 2.8.1027/01/2023
- Contributor+ Stored XSS via Shortcode vulnerability< 2.8.926/12/2022
- Unauth. Arbitrary File Access vulnerability< 2.8.505/12/2022
- Auth. PHAR Deserialization vulnerability< 2.8.505/12/2022
- Auth. Arbitrary File Access vulnerability< 2.8.505/12/2022
- Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability<= 2.8.321/11/2022
- Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities<= 2.8.321/11/2022
- Unauth. Directory Traversal vulnerability<= 2.7.720/10/2022
- Unauthenticated Information Disclosure vulnerability<= 2.2.706/08/2021
- Authenticated System Information Disclosure vulnerability<= 2.2.706/08/2021
- Cross-Site Scripting (XSS) vulnerability<= 2.2.311/06/2021
- SQL injection (SQLi) vulnerability<= 2.0.009/02/2021
- Authenticated PHP Object Injection vulnerability<= 1.9.3505/11/2020