Japan Vulnerability Notes, JVN:31073333
History: Jan 17, 2023 - 12:00 a.m.

JVN#31073333: WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal

Published: 2023-01-17 00:00:00
Source: Japan Vulnerability Notes (jvn.jp)
Tags: wordpress, welcart e-commerce, directory traversal, update, vulnerability, collne inc.

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.013 Low
Percentile: 85.9%

WordPress plugin “Welcart e-Commerce” provided by Collne Inc. contains a directory traversal vulnerability (CWE-22).

Impact

Arbitrary files on the server may be viewed by a remote attacker.

Solution

Update the plugin
Update the plugin according to the information provided by the developer.
The developer has released the following version that addresses the vulnerability.

  • Welcart e-Commerce 2.8.6 or later

Products Affected

  • Welcart e-Commerce versions 2.6.0 to 2.8.5
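
A version check for the range stated above, as an added example that is not part of the JVN advisory or the developer's code. It assumes the plugin's main PHP file carries the standard WordPress header fields `Plugin Name: Welcart e-Commerce` and `Version:`; the function names and sample versions are constructed for illustration.

```sh
# Added example (not from the advisory): classify a Welcart e-Commerce version
# against the advisory's range. Affected: 2.6.0 to 2.8.5. Fixed: 2.8.6 or later.

# ver_cmp A B: print -1, 0 or 1 for A<B, A==B, A>B (dotted numeric fields).
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, "."); n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {          # a missing field compares as 0
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}

# welcart_status VERSION: print affected | fixed | older-than-range | unknown.
welcart_status() {
    case "$1" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # empty or non-numeric version
    esac
    if [ "$(ver_cmp "$1" 2.6.0)" -lt 0 ]; then
        echo older-than-range    # the advisory says nothing about versions < 2.6.0
    elif [ "$(ver_cmp "$1" 2.8.6)" -lt 0 ]; then
        echo affected            # 2.6.0 <= version < 2.8.6
    else
        echo fixed
    fi
}

# header_version FILE: print the first "Version:" header value in a plugin file.
header_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# scan_plugins DIR: print "<file> <version> <status>" per file naming the plugin (assumed header text).
scan_plugins() {
    grep -rl 'Plugin Name:[[:space:]]*Welcart e-Commerce' "$1" 2>/dev/null |
    while IFS= read -r f; do
        v=$(header_version "$f")
        echo "$f ${v:-?} $(welcart_status "$v")"
    done
}

# Usage: pass the site's plugins directory; with no argument, classify constructed samples.
if [ "$#" -gt 0 ]; then
    scan_plugins "$1"
else
    for v in 2.5.9 2.6.0 2.8.5 2.8.6; do echo "$v $(welcart_status "$v")"; done
fi
```

Any version at or above 2.6.0 and below 2.8.6 is reported as affected, so an intermediate build number below the fixed release is flagged rather than missed.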
