Description
WordPress Plugin Welcart e-Commerce is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Welcart e-Commerce version 2.2.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.2.8 or latest
References
https://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/
https://plugins.svn.wordpress.org/usc-e-shop/trunk/readme.txt
Related Vulnerabilities
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)
WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5660)
Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12615)
WordPress Plugin AJS Instagram Feed Cross-Site Scripting (1.0)