CVE-2023-6120
published 2023-12-09

Priority: P4 | 13 | low | 2.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.46% (36.4th percentile)
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.

Affected

2 ranges
Vendor      Product               Version range   Fixed in
uscnanbu    welcart_e-commerce    <= 2.9.6
welcart     welcart_e-commerce    < 2.9.7         2.9.7