Browse all 5 CVE security advisories affecting info@welcart. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Info@welcart operates as an e-commerce platform enabling WordPress-based online stores. Historically, the system has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, contributing to its five recorded CVEs. These weaknesses often stem from insufficient input validation and improper access controls in its plugin architecture. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. The platform's integration with WordPress core and third-party extensions further expands its attack surface, requiring vigilant maintenance and prompt patch application to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62953 | WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability — Welcart e-CommerceCWE-862 | 4.3 | Medium | 2025-10-27 |
| CVE-2025-58984 | WordPress Welcart e-Commerce Plugin <= 2.11.20 - Cross Site Scripting (XSS) Vulnerability — Welcart e-CommerceCWE-79 | 5.9 | Medium | 2025-09-09 |
| CVE-2025-54012 | WordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection Vulnerability — Welcart e-CommerceCWE-502 | 7.2 | High | 2025-08-20 |
| CVE-2025-54013 | WordPress Welcart e-Commerce plugin <= 2.11.16 - Cross Site Scripting (XSS) Vulnerability — Welcart e-CommerceCWE-79 | 5.9 | Medium | 2025-07-16 |
| CVE-2025-47511 | WordPress Welcart e-Commerce plugin <= 2.11.13 - Arbitrary File Deletion Vulnerability — Welcart e-CommerceCWE-22 | 6.8 | Medium | 2025-06-09 |
This page lists every published CVE security advisory associated with info@welcart. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.