Browse all 4 CVE security advisories affecting Welcart Inc.. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Welcart develops an e-commerce WordPress plugin enabling online stores with product management and payment processing capabilities. Historically, the plugin has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues. These weaknesses often stem from insufficient input validation and improper access controls. The four publicly disclosed CVEs highlight persistent security challenges, with RCE being the most critical class affecting versions prior to 2.7.3. While no major public breaches have been documented, the consistent vulnerability pattern suggests ongoing security concerns for merchants using outdated implementations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-27130 | Welcart e-Commerce 代码问题漏洞 — Welcart e-CommerceCWE-502 | 9.8 | - | 2025-04-01 |
| CVE-2024-45366 | WordPress plugin Welcart e-Commerce 安全漏洞 — Welcart e-Commerce | 6.1AI | MediumAI | 2024-09-18 |
| CVE-2024-42404 | WordPress plugin Welcart e-Commerce 安全漏洞 — Welcart e-Commerce | 8.1AI | HighAI | 2024-09-18 |
| CVE-2024-32144 | WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability — Welcart e-CommerceCWE-862 | 5.4 | Medium | 2024-06-11 |
This page lists every published CVE security advisory associated with Welcart Inc.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.