WordPress Plugin Vulnerabilities

Welcart e-Commerce < 2.8.22 - Editor+ Arbitrary File Upload

Description

The plugin does not prevent users with editor or higher privileges from uploading an arbitrary file to an unauthorized directory.

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 2.8.22

References

CVE
CVE-2023-40219
URL
https://jvn.jp/en/jp/JVN97197972/

Miscellaneous

Original Researcher
Akihiro Hashimoto
Verified
No
WPVDB ID
4c33a81c-a730-4396-9917-e240b036dfa9

Timeline

Publicly Published
2023-09-26 (about 2 years ago)
Added
2023-09-28 (about 2 years ago)
Last Updated
2023-09-28 (about 2 years ago)

Other

Published
Title
Published
2024-10-24
Title
aDirectory < 1.3.1 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
yvora - Arbitrary File Upload
Published
2024-08-19
Title
AdRotate < 5.13.3 - Admin+ Double Extension Arbitrary File Upload
Published
2014-08-01
Title
SFBrowser 1.4.5 - connectors/php/sfbrowser.php File Upload PHP Code Execution
Published
2014-08-01
Title
1 Flash Gallery - Arbitrary File Upload Exploit (MSF)