Welcart Inc Welcart E-Commerce vulnerabilities

CVE-2025-27130 [HIGH] CWE-502 CVE-2025-27130: Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerabil Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product.

CVE-2024-42404 [HIGH] CWE-89 CVE-2024-42404: SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login t SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.

CVE-2024-45366 [MEDIUM] CWE-79 CVE-2024-45366: Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerabil Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.

CVE-2024-32144 [MEDIUM] CWE-862 CVE-2024-32144: Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e- Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.