The Wayback Machine - https://web.archive.org/web/20251111234422/https://jetpack.com/features/security/library/usc-e-shop-plugin/
Welcart e-Commerce: Plugin Details
Welcart e-Commerce: Security Information
Insecure versions:
Up To 2.11.9
Known since: 2025-02-11 22:31:36
Insecure versions:
Up To 2.11.1
Known since: 2024-10-04 17:31:04
Insecure versions:
Up To 2.10
Known since: 2024-04-17 18:30:47
Insecure versions:
Up To 2.9.5
Known since: 2024-01-18 02:00:33
Insecure versions:
Up To 2.9.4
Known since: 2024-01-17 14:01:03
Insecure versions:
Up To 2.9.3
Known since: 2024-01-17 14:01:03
Insecure versions:
Up To 2.9.6
Known since: 2023-12-09 14:01:22
Insecure versions:
Up To 2.9.4
Known since: 2023-11-10 10:33:46
Insecure versions:
Up To 2.9.4
Known since: 2023-11-10 10:33:46
Insecure versions:
Up To 2.9.4
Known since: 2023-11-10 10:33:45
Insecure versions:
Up To 2.8.21
Known since: 2023-09-28 14:46:10
Insecure versions:
Up To 2.8.21
Known since: 2023-09-28 14:46:10
Insecure versions:
Up To 2.8.21
Known since: 2023-09-28 14:46:09
Insecure versions:
Up To 2.8.21
Known since: 2023-09-28 14:46:08
Insecure versions:
Up To 2.8.21
Known since: 2023-09-28 14:46:08
Insecure versions:
Up To 2.8.10
Known since: 2023-03-30 13:06:41
Insecure versions:
Up To 2.8.8
Known since: 2022-12-23 07:46:21
Insecure versions:
Up To 2.8.4
Known since: 2022-12-07 14:46:55
Insecure versions:
Up To 2.8.4
Known since: 2022-12-07 14:45:57
Insecure versions:
Up To 2.8.5
Known since: 2022-12-07 10:21:37
Insecure versions:
Up To 2.8.3
Known since: 2022-11-22 09:27:50
Insecure versions:
Up To 2.8.3
Known since: 2022-11-22 09:26:45
Insecure versions:
Up To 2.7.7
Known since: 2022-11-21 23:03:02
Insecure versions:
Up To 2.2.7
Known since: 2021-08-09 16:33:26
Insecure versions:
Up To 2.2.3
Known since: 2021-06-14 14:56:06
Description: The order_id parameter was not validated or sanitized, leading to a potential reflected cross-site scripting vulnerability.
Insecure versions:
Up To 2.1.0
Known since: 2021-02-08 13:25:04
Insecure versions:
Up To 1.9.35
Known since: 2020-11-06 14:51:34
Description: The plugin unserialises (via usces_unserialize()) the content of the usces_cookie cookie, which could lead to a PHP Object Injection issue.
Insecure versions:
Up To 1.8.2
Known since: 2016-06-28 09:06:51
Insecure versions:
Up To 1.5.2
Known since: 2016-01-04 20:32:32
Insecure versions:
Up To 1.8.2
Known since: 2015-12-02 19:42:23
Insecure versions:
Up To 1.3.12
Known since: 2015-11-25 04:39:40
Insecure versions:
Up To 1.4.17
Known since: 2015-10-09 20:32:21
Insecure versions:
Up To 1.3.12
Known since: 2014-03-18 20:05:54
Description: Welcart e-Commerce 1.3.12 - wp-admin/admin.php Multiple Parameter SQL Injection
Insecure versions:
Up To 1.3.12
Known since: 2014-03-18 20:05:54
Description: Welcart e-Commerce 1.3.12 - purchase_limit Parameter DOM-based XSS
Insecure versions:
Up To 1.3.12
Known since: 2014-03-18 20:05:54
Description: Welcart e-Commerce 1.3.12 - purchase_limit Parameter DOM-based XSS
Welcart e-Commerce: Safety Recommendations
We have rated Welcart e-Commerce as
Good (current version safe) which means
that we have found vulnerabilities in older versions.
We recommend that
you only use the latest version of Welcart e-Commerce.
Welcart e-Commerce: Staying Up-to-date
Make sure your installation of
Welcart e-Commerce is safe with the following
free Jetpack services for WordPress sites:
Updates & Management Prevent Infiltrations
Choose Your
Plan
Welcart e-Commerce: Keeping Safe
If you're running a business, ecommerce, news, or other critical website, Jetpack also provides
additional indispensable services:
Automated Backups Restores & Migrations Security Scanning Expert Support
Choose Your
Plan
About this information
This WordPress security information is part of our
security
library and is brought to you by Jetpack as part of our committment to a safer WordPress
experience.
If you have any questions, please do not hesitate to
contact us .
🔔 Free Newsletter
Jetpack 