First published: Wed Jun 07 2023
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings.
Credit: security@wordfence.com
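
The bug class described above is a handler that any logged-in user can reach but that never checks a capability; it is closed by an explicit `current_user_can()` test before any data is gathered. The following is an added example, not Welcart's code: the function name `myshop_download_system_information`, the `myshop_sysinfo` action and nonce, the use of an AJAX hook, and the choice of `manage_options` as the required capability are all assumptions.

```php
<?php
// Added illustration of a hardened download handler. Hypothetical plugin code,
// not taken from Welcart. All "myshop_*" names are assumptions.

// wp_ajax_{action} fires for ANY logged-in user, subscribers included.
// Reaching the handler proves authentication only, never authorization.
add_action( 'wp_ajax_myshop_sysinfo', 'myshop_download_system_information' );

function myshop_download_system_information() {
    // 1. Authorization. This is the check that is absent in a
    //    "missing capability check" bug. manage_options is assumed here
    //    as the capability that should gate a system report.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to download this report.', 'myshop' ),
            esc_html__( 'Forbidden', 'myshop' ),
            array( 'response' => 403 )
        );
    }

    // 2. CSRF protection. The nonce must have been issued to this user
    //    for this action; on failure WordPress ends the request itself.
    check_ajax_referer( 'myshop_sysinfo' );

    // 3. Only after both checks pass is any sensitive data collected.
    $report = array(
        'wp_version'     => get_bloginfo( 'version' ),
        'php_version'    => PHP_VERSION,
        'active_plugins' => get_option( 'active_plugins', array() ),
        'server'         => isset( $_SERVER['SERVER_SOFTWARE'] )
            ? sanitize_text_field( wp_unslash( $_SERVER['SERVER_SOFTWARE'] ) )
            : '',
    );

    // 4. Send as a non-cacheable attachment so the report is not stored
    //    by intermediaries or rendered in the browser.
    nocache_headers();
    header( 'Content-Type: application/json; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="system-information.json"' );
    echo wp_json_encode( $report, JSON_PRETTY_PRINT );
    exit;
}
```

The order matters: the capability test runs before the report is built, so a low-privileged request fails without touching settings data.
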
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Collne Welcart E-commerce | <=2.2.7 | |
The vulnerability ID for this vulnerability is CVE-2021-4375.
The severity of CVE-2021-4375 is medium with a CVSS score of 4.3.
CVE-2021-4375 affects the Welcart e-Commerce plugin for WordPress versions up to and including 2.2.7.
CVE-2021-4375 allows authenticated attackers to bypass authorization and download sensitive information, including WordPress system information.
Yes, a fix for CVE-2021-4375 is available. It is recommended to update the Welcart e-Commerce plugin for WordPress to a version higher than 2.2.7.