CVE-2022-4237
First published: Mon Jan 02 2023(Updated: )
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present on the blog
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Collne Welcart E-commerce | <2.8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-4237?
CVE-2022-4237 is a vulnerability in the Welcart e-Commerce WordPress plugin before version 2.8.6.
How does CVE-2022-4237 affect the Welcart e-Commerce plugin?
CVE-2022-4237 allows authenticated users with as low as subscriber role to perform PHAR deserialization when they can upload a file.
What is the severity of CVE-2022-4237?
CVE-2022-4237 has a severity rating of 8.8 (high).
How can I fix CVE-2022-4237?
To fix CVE-2022-4237, update the Welcart e-Commerce plugin to version 2.8.6 or higher.
Where can I find more information about CVE-2022-4237?
You can find more information about CVE-2022-4237 at the following reference: [https://wpscan.com/vulnerability/7a4b790c-49ae-46bc-9544-e188deae243f](https://wpscan.com/vulnerability/7a4b790c-49ae-46bc-9544-e188deae243f)
- collector/nvd-index
- agent/references
- vendor/collne
- canonical/collne welcart e-commerce