Welcart e-Commerce Untrusted Data Deserialization Vulnerability Allowing Arbitrary Code Execution

Vulnerability

An untrusted data deserialization vulnerability has been identified in the Welcart e-Commerce WordPress plugin, in versions through 2.11.6. Remote, unauthenticated attackers could exploit it to execute arbitrary code on websites using this plugin.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected WordPress site.

Remediation

Users are advised to update the Welcart e-Commerce plugin to version 2.11.12, which addresses this vulnerability. Instructions for updating the plugin are available on the Welcart website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 10.0
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.