Rewterz Threat Advisory – Multiple WordPress Welcart e-Commerce plugin Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-40532 CVSS:4.3

Welcart e-Commerce plugin for WordPress could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.

CVE-2023-40219 CVSS:2.7

Welcart e-Commerce plugin for WordPress could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.

CVE-2023-43493 CVSS:6.5

Welcart e-Commerce plugin for WordPress is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements to the Item List page, which could allow the attacker to view, add, modify or delete information in the back-end database.

CVE-2023-43614 CVSS:6.1

Welcart e-Commerce plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Order Data Edit page. A remote attacker could exploit this vulnerability to execute a script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-43484 CVSS:6.1

Welcart e-Commerce plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Item List page. A remote attacker could exploit this vulnerability to execute a script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-41962 CVSS:6.1

Welcart e-Commerce plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Credit Card Payment Setup page. A remote attacker could exploit this vulnerability to execute a script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-41962 CVSS:6.1

Welcart e-Commerce plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Credit Card Payment Setup page. A remote attacker could exploit this vulnerability to execute a script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-41233 CVSS:6.1

Welcart e-Commerce plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the registration process of Item List page. A remote attacker could exploit this vulnerability to execute a script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

• Data Manipulation
• Information Theft
• Cross-Site Scripting

Indicators Of Compromise

CVE

• CVE-2023-40532
• CVE-2023-40219
• CVE-2023-43493
• CVE-2023-43614
• CVE-2023-43484
• CVE-2023-41962
• CVE-2023-41233

Affected Vendors

WordPress

Affected Products

• Welcart e-Commerce plugin for WordPress 2.8.21
• Welcart e-Commerce plugin for WordPress 2.7

Remediation

Upgrade to the latest version of Welcart e-Commerce plugin for WordPress, available from the WordPress Plugin Directory. 

WordPress Plugin Directory