Filtered by vendor Welcart Subscriptions
Filtered by product E-commerce Subscriptions

Search

Switch to Advanced Search (Beta)
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-9367 2 Welcart, Wordpress 3 E-commerce, Welcart E-commerce, Wordpress 2025-09-12 5.5 Medium
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.11.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2025-58984 2 Welcart, Wordpress 2 E-commerce, Wordpress 2025-09-11 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.
CVE-2025-54012 2 Welcart, Wordpress 2 E-commerce, Wordpress 2025-08-24 7.2 High
Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Commerce allows Object Injection. This issue affects Welcart e-Commerce: from n/a through 2.11.16.
CVE-2014-10016 1 Welcart 1 E-commerce 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php.
CVE-2014-10017 1 Welcart 1 E-commerce 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.