A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection. The vulnerability is a PHP object-injection vulnerability, which exists in the way the platform handles cookies. The plugin s publisher, Collne Inc., patched the issue in version 1.9.36 of Welcart, released in October. Site admins should upgrade as soon as they can.
Source: https://threatpost.com/wordpress_open_to_attacks_welcart_bug/161037/