WordPress Plugin Vulnerabilities

Welcart e-Commerce < 2.8.22 - Author+ Path Traversal

Description

The plugin does not prevent users with author or higher privilege from obtaining partial information of the files on the web server

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 2.8.22

References

CVE
CVE-2023-40532
URL
https://jvn.jp/en/jp/JVN97197972/

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Akihiro Hashimoto
Verified
No
WPVDB ID
220a6004-47f9-47af-afdd-2d9d2efa1901

Timeline

Publicly Published
2023-09-26 (about 2 years ago)
Added
2023-09-28 (about 2 years ago)
Last Updated
2023-09-28 (about 2 years ago)

Other

Published
Title
Published
2022-09-05
Title
Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
Published
2022-03-01
Title
String Locator < 2.5.0 - Admin+ Arbitrary File Read
Published
2023-05-15
Title
Snow Monkey Forms < 5.0.7 - Unauthenticated Path Traversal
Published
2022-08-09
Title
WPide < 3.0 - Admin+ Arbitrary File Read
Published
2023-11-13
Title
Frontend File Manager < 22.7 - Editor+ Arbitrary File Download