CVE-2022-41840
WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Vulnerabilidad de Directory Traversal no autenticada en el complemento Welcart eCommerce en WordPress en versiones <= 2.7.7.
The Welcart e-Commerce plugin for WordPress is vulnerable to arbitrary file read due to missing restrictions to proper file paths in the ~/functions/progress-check.php file in versions 2.6.0 - 2.7.7. This makes it possible for unauthenticated attackers to read arbitrary files on the affected sites server leading to information disclosure.
*Credits:
Vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-09-02 CVE Published
- 2022-10-19 CVE Reserved
- 2024-09-16 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Collne Search vendor "Collne" | Welcart E-commerce Search vendor "Collne" for product "Welcart E-commerce" | < 2.7.8 Search vendor "Collne" for product "Welcart E-commerce" and version " < 2.7.8" | wordpress |
Affected
| ||||||