Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Webkul — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting Webkul. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Webkul develops e-commerce and marketplace solutions, primarily for Magento and Shopify platforms, enabling businesses to create online stores and marketplaces. Historically, their products have been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, as evidenced by their 8 recorded CVEs. These vulnerabilities often stem from insufficient input validation and improper access controls in their extensions. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their products suggests a need for improved security development practices to protect their customers' environments from potential exploitation.

Top products by Webkul: QloApps krayin crm WooCommerce Point of Sale Medical Prescription Attachment Plugin for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2025-10759 Webkul QloApps CSRF Token authorization — QloAppsCWE-639 5.3 Medium2025-09-21
CVE-2025-29009 WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability — Medical Prescription Attachment Plugin for WooCommerceCWE-434 10.0 Critical2025-07-16
CVE-2025-6173 Webkul QloApps ajax_products_list.php sql injection — QloAppsCWE-89 4.7 Medium2025-06-17
CVE-2025-3568 Webkul Krayin CRM SVG File edit cross site scripting — Krayin CRMCWE-79 3.5 Low2025-04-14
CVE-2025-1155 Webkul QloApps Your Location Search stores cross site scripting — QloAppsCWE-79 4.3 Medium2025-02-10
CVE-2025-1074 Webkul QloApps URL mylogout cross-site request forgery — QloAppsCWE-352 4.3 Medium2025-02-06
CVE-2024-11281 WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change — WooCommerce Point of SaleCWE-862 9.8 Critical2024-12-25
CVE-2023-2925 Webkul krayin crm Edit Person Page 2 cross site scripting — krayin crmCWE-79 2.4 Low2023-05-27

This page lists every published CVE security advisory associated with Webkul. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.