First published: Sat Dec 09 2023(Updated: )
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Collne Welcart E-commerce | <2.9.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.