cbcvebase.
CVE-2021-4375
published 2023-06-07

CVE-2021-4375: The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information()…

PriorityP423medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.61%
44.7th percentile
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings.

Affected

2 ranges
VendorProductVersion rangeFixed in
uscnanbuwelcart_e-commerce< 2.2.82.2.8
welcartwelcart_e-commerce<= 2.2.7
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.