Security issue with Welcart E-Commerce Plugin

Plug-in publisher Collne Inc. issues security update for all users of the ecommerce plug-in

On October 6th, 2020, The team at Wordfence conducted an investigation on security vunerabilities on a e-commerce plugin known as Welcart e-Commerce. Here is the summary of their report...

Welcart e-Commerce is a plugin that can be used to make a online store with separate customer accounts. The plug in uses different cookies other than WordPress itself and because of this, a attacker could send a unauthorized request with usces_cookie  parameter to inject a PHP object. According to the report, A high-severity object injection vulnerability in the plug-in, which has over 20,000 users including a top market share in Japan. After the issue was discovered, the plug-in was patched in version 1.9.36 on October 20th, 2020. All versions previous to this plugin are affected and users are advised to update to the latest version right away. Sites that are using the free version of Wordfence will receive an update on November 8th, 2020. We thank the Wordfence team and the developer Collne Inc for its quick response to the security vulnerability.


Leave a Reply

Your email address will not be published. Required fields are marked *