Stored XSS in Welcart e-Commerce by Nanbu
CVE-2025-54013

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Welcart E-commerce
Vendor: CVE Published:; 16 July 2025

What is CVE-2025-54013?

The Welcart e-Commerce plugin by Nanbu suffers from a Stored Cross-site Scripting (XSS) vulnerability, allowing attackers to inject malicious scripts through improperly sanitized input. This issue affects all versions from n/a up to 2.11.16, posing significant risks to the security of websites utilizing this plugin. Successful exploitation could result in unauthorized access to sensitive user data and potentially compromise the integrity of the affected systems.

Affected Version(s)

Welcart e-Commerce <= 2.11.16

References

https://patchstack.com/database/wordpress/plugin/usc-e-sh...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Jul 16, 2025

Credit

63n0 (Patchstack Alliance)