Welcart e-Commerce, CVE-2022-4236

CVE, Research URL: CVE-2022-4236
Home page URL: Security reports for Welcart e-Commerce
Application: Welcart e-Commerce
Published on: Jan 03, 2023
Research Description: The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.
Affected versions: Min -, max 2.8.5.
Status: vulnerable