Security Advisory

CVE-2022-4236

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-01-02 21:49:30

Last updated 2025-04-10 18:47:32

Assigner WPScan

State PUBLISHED

Description

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.

← Browse all CVEs View on cve.org ↗