Stored Cross-Site Scripting Vulnerability in Welcart e-Commerce Plugin for WordPress
CVE-2025-0511

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Welcart E-commerce
Vendor: CVE Published:; 12 February 2025

Summary

The Welcart e-Commerce plugin for WordPress is prone to a Stored Cross-Site Scripting vulnerability that arises from inadequate input sanitization and output escaping. Attackers can exploit this flaw through the 'name' parameter, allowing them to inject arbitrary scripts that execute in users' browsers when they visit affected pages. This issue affects all versions of the plugin up to and including 2.11.9, posing a risk to site integrity and user safety.

Affected Version(s)

Welcart e-Commerce * <= 2.11.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/usc-e-shop/tru...

https://wordpress.org/plugins/usc-e-shop/#developers

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Jan 15, 2025

Credit

Khayal Farzaliyev