CVE-2023-6120

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
09/12/2023
Last modified:
20/02/2025

Description

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:* 2.9.7 (excluding)