CVE-2022-41840: WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability - Patchstack
Unauthenticated directory traversal vulnerability in the Welcart eCommerce plugin <= 2.7.7 on WordPress.
Verified
Fixed
CVSS 3.1 score: 7.5 (High severity)
Monitoring: Not reported to be exploited
Vulnerable versions: <= 2.7.7
PSID: 18cf4135b6c5
Classification: Directory Traversal
OWASP Top 10: A1: Injection
Required privilege: Can be exploited remotely without any authentication.
Publicly disclosed: 2022-10-20
Details
An unauthenticated directory traversal vulnerability was discovered by Tien Nguyen Anh (Patchstack Alliance) in the WordPress Welcart e-Commerce plugin (versions <= 2.7.6).
Solution
Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 2.7.8).