Unrated severityNVD Advisory· Published Dec 12, 2022· Updated Apr 22, 2025
Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion
CVE-2022-3946
Description
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Welcart e-Commerce WordPress plugindescription
- Range: <2.8.4
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/b48e4e1d-e682-4b16-81dc-2feee78d7ed0mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.