The shopping cart application contains a PHP object-injection bug.
A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said.
Welcart e-Commerce is a free WordPress plugin that has more than 20,000 installations – it enjoys top market share in Japan, according to WordPress. It allows site owners to add online…