WordPress Plugin Vulnerabilities

Welcart e-Commerce < 2.9.7 - Authenticated (Administrator+) Directory Traversal

Description

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 2.9.7

References

CVE
CVE-2023-6120
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
5cdda85f-c6a6-4015-9ab7-9aaf98eb8ada

Timeline

Publicly Published
2023-12-08 (about 2 years ago)
Added
2023-12-09 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2024-06-06
Title
Ovic Importer <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Download
Published
2024-09-24
Title
CSS JS Files < 1.5.1 - Authenticated (Admin+) Arbitrary File Read
Published
2026-01-13
Title
Anona <= 8.0 - Unauthenticated Arbitrary File Deletion
Published
2021-10-19
Title
Images to WebP < 1.9 - Authenticated Local File Inclusion
Published
2026-03-05
Title
My Album Gallery <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Deletion