Welcart e-Commerce, CVE-2023-5953

CVE, Research URL: CVE-2023-5953
Home page URL: Security reports for Welcart e-Commerce
Application: Welcart e-Commerce
Published on: Dec 05, 2023
Research Description: The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server
Affected versions: Min -, max 2.9.5.
Status: vulnerable