CVE-2025-54012 — Deserialization of Untrusted Data in Welcart Welcart E-commerce

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 71.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Info Welcart Welcart E-commerce

Timeline

PublishedAug 20

Description

Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection.This issue affects Welcart e-Commerce: from n/a through <= 2.11.16.

Affected Packages1 packages

▶CVEListV5info_welcart/welcart_e-commerce2.11.16

🔴Vulnerability Details

GHSA

GHSA-hjqj-qjq9-mvgj: Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Commerce allows Object Injection↗2025-08-20

▶

CVEList

WordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection Vulnerability↗2025-08-20

▶