Headline
CVE-2023-43484: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
Published:2023/09/22 Last Updated:2023/09/22
Overview
WordPress plugin “Welcart e-Commerce” contains multiple vulnerabilities.
Products Affected
- Welcart e-Commerce versions 2.7 to 2.8.21
Description
WordPress plugin “Welcart e-Commerce” provided by Collne Inc. contains multiple vulnerabilities listed below.
Unrestricted Upload of File with Dangerous Type (****CWE-434****) - CVE-2023-40219
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Base Score: 2.7
CVSS v2
AV:N/AC:L/Au:S/C:N/I:P/A:N
Base Score: 4.0
Path Traversal (****CWE-22****) - CVE-2023-40532
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score: 4.3
CVSS v2
AV:N/AC:L/Au:S/C:P/I:N/A:N
Base Score: 4.0
Cross-site Scripting in registration process of Item List page (****CWE-79****) - CVE-2023-41233
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score: 6.1
CVSS v2
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score: 4.3
Cross-site Scripting in Credit Card Payment Setup page (****CWE-79****) - CVE-2023-41962
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score: 6.1
CVSS v2
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score: 4.3
Cross-site Scripting in Item List page (****CWE-79****) - CVE-2023-43484
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score: 6.1
CVSS v2
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score: 4.3
SQL Injection in Item List page (****CWE-89****) - CVE-2023-43493
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score: 6.5
CVSS v2
AV:N/AC:L/Au:S/C:P/I:N/A:N
Base Score: 4.0
SQL Injection in Order Data Edit page (****CWE-89****) - CVE-2023-43610
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score: 5.4
CVSS v2
AV:N/AC:L/Au:S/C:P/I:P/A:N
Base Score: 5.5
Cross-site Scripting in Order Data Edit page (****CWE-79****) - CVE-2023-43614
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score: 6.1
CVSS v2
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score: 4.3
Impact
- A user with editor or higher privilege may upload an arbitrary file to an unauthorized directory - CVE-2023-40219
- A user with author or higher privilege may obtain partial information of the files on the web server - CVE-2023-40532
- An arbitrary script may be executed on a logged-in user’s web browser - CVE-2023-41233, CVE-2023-43484, CVE-2023-43614
- When accessing a specially crafted page, an arbitrary script may be injected in Credit Card Payment Setup page - CVE-2023-41962
- A user with author or higher privilege may obtain sensitive information - CVE-2023-43493
- A user with editor (without setting authority) or higher privilege may perform unintended database operations - CVE-2023-43610
Solution
Update the plugin
Update the plugin according to the information provided by the developer.
The developer has released the following version that addresses these vulnerabilities.
- Welcart e-Commerce 2.8.22
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2023-40219
Akihiro Hashimoto reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-40532, CVE-2023-41233, CVE-2023-41962, CVE-2023-43484, CVE-2023-43493, CVE-2023-43610, CVE-2023-43614
Shogo Kumamaru of LAC CyberLink Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information