Security Advisory

CVE-2023-5953

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-04 21:28:03

Last updated 2025-05-29 13:53:03

Assigner WPScan

State PUBLISHED

Description

The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server

← Browse all CVEs View on cve.org ↗