Welcart e-Commerce

Software Type	Plugin
Software Slug	usc-e-shop (view on wordpress.org)
Software Status	Active
Software Author	uscnanbu
Software Website	www.welcart.com
Software Downloads	982,057
Software Active Installs	20,000
Software Record Last Updated	November 29, 2023

Showing 1-20 of 31 Vulnerabilities

Welcart e-Commerce <= 2.9.5 - Authenticated (Administrator+) PHP Object Injection

7.2

CVE ID Unknown

Nov 15, 2023

Researchers:

Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE ID Unknown

Nov 14, 2023

Researchers:

Welcart e-Commerce <= 2.9.4 - Cross-Site Request Forgery

8.8

CVE ID Unknown

Nov 14, 2023

Researchers:

Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload

8.8

CVE-2023-40219

Sep 26, 2023

Researcher: Akihiro Hashimoto

Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) SQL Injection

8.8

CVE-2023-43610

Sep 14, 2023

Researcher: Shogo Kumamaru

Welcart e-Commerce <= 2.8.21 - Authenticated(level_5+) SQL Injection via get_logs

8.8

CVE-2023-43493

Sep 14, 2023

Researcher: Shogo Kumamaru

Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-22705

Jan 27, 2023

Researcher: Le Ngoc Anh

Welcart e-Commerce <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4655

Dec 23, 2022

Researcher: István Márton

Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization

6.5

CVE-2022-4237

Dec 5, 2022

Researcher: WPScanTeam

Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read

6.5

CVE-2022-4236

Dec 5, 2022

Researcher: WPScanTeam

Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read

7.5

CVE-2022-4140

Nov 30, 2022

Researcher: Takeshi Suzuki

Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery

8.8

CVE ID Unknown

Nov 28, 2022

Researchers:

Welcart e-Commerce <= 2.8.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2022-3935

Nov 21, 2022

Researcher: István Márton

Welcart e-Commerce <= 2.8.3 - Missing Authorization

5.4

CVE-2022-3946

Nov 21, 2022

Researcher: István Márton

Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery

8.8

CVE ID Unknown

Nov 16, 2022

Researchers:

Welcart e-Commerce 2.6.0-2.7.7 - Information Disclosure via Arbitrary File Read

7.5

CVE-2022-41840

Sep 2, 2022

Researchers:

Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure

4.3

CVE-2021-4375

Aug 6, 2021

Researcher: Jerome Bruandet

Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure

7.5

CVE-2021-4355

Aug 6, 2021

Researcher: Jerome Bruandet

Welcart e-Commerce <= 2.2.3 - Reflected Cross-Site Scripting

6.1

CVE-2021-20734

Jun 11, 2021

Researcher: Yu Iwama

Welcart e-Commerce <= 2.1.0 - SQL Injection

8.8

CVE ID Unknown

Feb 8, 2021

Researcher: Erik David Martin

Title	CVE ID	CVSS	Researchers	Date
Welcart e-Commerce <= 2.9.5 - Authenticated (Administrator+) PHP Object Injection		7.2		November 15, 2023
Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload		8.8		November 14, 2023
Welcart e-Commerce <= 2.9.4 - Cross-Site Request Forgery		8.8		November 14, 2023
Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload	CVE-2023-40219	8.8	Akihiro Hashimoto	September 26, 2023
Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) SQL Injection	CVE-2023-43610	8.8	Shogo Kumamaru	September 14, 2023
Welcart e-Commerce <= 2.8.21 - Authenticated(level_5+) SQL Injection via get_logs	CVE-2023-43493	8.8	Shogo Kumamaru	September 14, 2023
Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-22705	7.2	Le Ngoc Anh	January 27, 2023
Welcart e-Commerce <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4655	6.4	István Márton	December 23, 2022
Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization	CVE-2022-4237	6.5	WPScanTeam	December 5, 2022
Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read	CVE-2022-4236	6.5	WPScanTeam	December 5, 2022
Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read	CVE-2022-4140	7.5	Takeshi Suzuki	November 30, 2022
Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery		8.8		November 28, 2022
Welcart e-Commerce <= 2.8.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2022-3935	6.4	István Márton	November 21, 2022
Welcart e-Commerce <= 2.8.3 - Missing Authorization	CVE-2022-3946	5.4	István Márton	November 21, 2022
Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery		8.8		November 16, 2022
Welcart e-Commerce 2.6.0-2.7.7 - Information Disclosure via Arbitrary File Read	CVE-2022-41840	7.5		September 2, 2022
Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure	CVE-2021-4375	4.3	Jerome Bruandet	August 6, 2021
Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure	CVE-2021-4355	7.5	Jerome Bruandet	August 6, 2021
Welcart e-Commerce <= 2.2.3 - Reflected Cross-Site Scripting	CVE-2021-20734	6.1	Yu Iwama	June 11, 2021
Welcart e-Commerce <= 2.1.0 - SQL Injection		8.8	Erik David Martin	February 8, 2021

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation