CVE-2023-5953
- Reference to the description:
- Description:
- The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server
- Last updated date:
- 02/20/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/08/2023
- Reference url to background
https://wpscan.com/vulnerability/6d29ba12-f14a-4cee-baae-a6049d83bce6