Browse all 8 CVE security advisories affecting Webkul. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Webkul develops e-commerce and marketplace solutions, primarily for Magento and Shopify platforms, enabling businesses to create online stores and marketplaces. Historically, their products have been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, as evidenced by their 8 recorded CVEs. These vulnerabilities often stem from insufficient input validation and improper access controls in their extensions. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their products suggests a need for improved security development practices to protect their customers' environments from potential exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-10759 | Webkul QloApps CSRF Token authorization — QloAppsCWE-639 | 5.3 | Medium | 2025-09-21 |
| CVE-2025-6173 | Webkul QloApps ajax_products_list.php sql injection — QloAppsCWE-89 | 4.7 | Medium | 2025-06-17 |
| CVE-2025-1155 | Webkul QloApps Your Location Search stores cross site scripting — QloAppsCWE-79 | 4.3 | Medium | 2025-02-10 |
| CVE-2025-1074 | Webkul QloApps URL mylogout cross-site request forgery — QloAppsCWE-352 | 4.3 | Medium | 2025-02-06 |
This page lists every published CVE security advisory associated with Webkul. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.