Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Welcart |
|
No data.
References
History
Tue, 08 Jul 2025 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Welcart
Welcart welcart E-commerce |
|
| CPEs | cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Welcart
Welcart welcart E-commerce |
|
| Metrics |
cvssV3_1
|
Tue, 01 Apr 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 01 Apr 2025 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product. | |
| Weaknesses | CWE-502 | |
| References |
| |
| Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2025-04-01T08:57:25.711Z
Updated: 2025-04-01T15:16:20.041Z
Reserved: 2025-03-28T08:14:54.581Z
Link: CVE-2025-27130
Vulnrichment
Updated: 2025-04-01T15:16:15.436Z
NVD
Status : Analyzed
Published: 2025-04-01T09:15:15.657
Modified: 2025-07-08T17:09:54.687
Link: CVE-2025-27130
Redhat
No data.