WordPress Plugin Vulnerabilities

Welcart eCommerce < 2.7.8 - Unauthenticated Arbitrary File Access

Description

The plugin does not validate user input used in a path, which could allow unauthenticated users to read arbitrary files via a traversal attack

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 2.7.8

References

CVE
CVE-2022-41840

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
No
WPVDB ID
1e4be6aa-d66e-4d4c-9f62-a49bff73a33b

Timeline

Publicly Published
2022-10-20 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-12-05 (about 3 years ago)

Other

Published
Title
Published
2022-11-30
Title
Easy WP SMTP < 1.5.2 - Admin+ Arbitrary File Access
Published
2023-05-16
Title
WP < 6.2.1 - Directory Traversal via Translation Files
Published
2015-08-28
Title
NextGen Gallery < 2.1.15 - Path Traversal
Published
2014-09-20
Title
W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read
Published
2019-07-28
Title
WP Fastest Cache <= 0.8.9.5 - Directory Traversal