CVE-2022-4236

Published: Jan 2, 2023Modified: Apr 10, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.

Affected (1)

Products: Welcart: Welcart E Commerce

1 product

Welcart E Commerce

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Welcart Welcart E Commerce	Before 2.8.5

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

https://wpscan.com/vulnerability/436d8894-dab8-41ea-8ed0-a3338aded635

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/436d8894-dab8-41ea-8ed0-a3338aded635

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.