Unrated severity · NVD Advisory · Published Dec 4, 2023 · Updated May 29, 2025

Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload

CVE-2023-5953

Description

The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, and the AJAX action that handles the upload has no authorisation or CSRF checks. As a result, any authenticated user, such as a subscriber, could upload arbitrary files, such as PHP files, to the server.
