Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2022-4236 Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access

🗓️ 02 Jan 2023 21:30:49Reported by WPScanType 
cvelist
 cvelist🔗 www.cve.org👁 7 Views

Welcart e-Commerce WordPress plugin pre 2.8.5 does not validate user input before using it to output file content via AJAX, allowing low role users to read arbitrary files

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Affected
Refs
ReporterTitlePublishedViews
Family
NVD		CVE-2022-4236
2 Jan 202322:15
nvd
CVE		CVE-2022-4236
2 Jan 202322:15
cve
WPVulnDB		Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access
5 Dec 202200:00
wpvulndb
Prion		Input validation
2 Jan 202322:15
prion
wpexploit		Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access
5 Dec 202200:00
wpexploit
Vulnrichment		CVE-2022-4236 Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access
2 Jan 202321:49
vulnrichment
[
  {
    "vendor": "Unknown",
    "product": "Welcart e-Commerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.8.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
02 Jan 2023 21:49Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.00216
welcart e-commercewordpressfile accessajaxuser inputarbitrary filesserver security
7
.json
Report