JVN#97197972
Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
Overview
WordPress plugin "Welcart e-Commerce" contains multiple vulnerabilities.
Products Affected
- Welcart e-Commerce versions 2.7 to 2.8.21
Description
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below.
- Unrestricted Upload of File with Dangerous Type (CWE-434) - CVE-2023-40219
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N Base Score: 2.7 CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0 - Path Traversal (CWE-22) - CVE-2023-40532
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3 CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0 - Cross-site Scripting in registration process of Item List page (CWE-79) - CVE-2023-41233
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1 CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3 - Cross-site Scripting in Credit Card Payment Setup page (CWE-79) - CVE-2023-41962
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1 CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3 - Cross-site Scripting in Item List page (CWE-79) - CVE-2023-43484
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1 CVSS v2 AV:N/AC:L/Au:N/C:N/I:P/A:N Base Score: 4.3 - SQL Injection in Item List page (CWE-89) - CVE-2023-43493
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5 CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0 - SQL Injection in Order Data Edit page (CWE-89) - CVE-2023-43610
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:N Base Score: 5.5 - Cross-site Scripting in Order Data Edit page (CWE-79) - CVE-2023-43614
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1 CVSS v2 AV:N/AC:L/Au:N/C:N/I:P/A:N Base Score: 4.3
Impact
- A user with editor or higher privilege may upload an arbitrary file to an unauthorized directory - CVE-2023-40219
- A user with author or higher privilege may obtain partial information of the files on the web server - CVE-2023-40532
- An arbitrary script may be executed on a logged-in user's web browser - CVE-2023-41233, CVE-2023-43484, CVE-2023-43614
- When accessing a specially crafted page, an arbitrary script may be injected in Credit Card Payment Setup page - CVE-2023-41962
- A user with author or higher privilege may obtain sensitive information - CVE-2023-43493
- A user with editor (without setting authority) or higher privilege may perform unintended database operations - CVE-2023-43610
Solution
Update the plugin
Update the plugin according to the information provided by the developer.
The developer has released the following version that addresses these vulnerabilities.
- Welcart e-Commerce 2.8.22
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Collne Inc. | Vulnerable | 2023/09/22 | Collne Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2023-40219
Akihiro Hashimoto reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-40532, CVE-2023-41233, CVE-2023-41962, CVE-2023-43484, CVE-2023-43493, CVE-2023-43610, CVE-2023-43614
Shogo Kumamaru of LAC CyberLink Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-40219 |
|
CVE-2023-40532 |
|
|
CVE-2023-41233 |
|
|
CVE-2023-41962 |
|
|
CVE-2023-43484 |
|
|
CVE-2023-43493 |
|
|
CVE-2023-43610 |
|
|
CVE-2023-43614 |
|
| JVN iPedia |
JVNDB-2023-000094 |