Welcart e-Commerce < 2.2.8 – Authenticated System Information Disclosure | CVE 2021-4375

Description

The usces_download_system_information AJAX action of the plugin did not have capability check in place, allowing any authenticated user (such as subscriber) to can export data including WordPress settings, theme and plugins (active/inactive) along with their version, Welcart general settings and payment method etc, as well as the server and PHP settings

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=usces_download_system_information

Affects Plugins

usc-e-shop

Fixed in 2.2.8

References

CVE

CVE-2021-4375

URL

https://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet)

Verified

Yes

WPVDB ID

ecaf1932-2b16-4303-8c21-cb70aeabbfdc

Timeline

Publicly Published

2021-08-06 (about 4 years ago)

Added

2021-08-06 (about 4 years ago)

Last Updated

2023-06-08 (about 2 years ago)

Other

Published

Title

Published

2020-08-04

Title

CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls

Published

2024-05-06

Title

ClickCease Click Fraud Protection < 3.2.5 - Improper Authorization to sensitive information exposure via get_settings

Published

2018-12-04

Title

JobCareer < 2.4.1 - User enumeration & Reset password

Published

2023-11-28

Title

JetEngine < 3.2.5 - Authenticated (Contributor+) Privilege Escalation

Published

2024-02-19

Title

Coming Soon Maintenance Mode < 1.0.6 - Information Exposure