Report
The Welcart e-Commerce plugin for WordPress is vulnerable to arbitrary file read in versions 2.6.10-2.8.4 because one of its AJAX actions does not restrict requests to proper file paths. This makes it possible for authenticated attackers with subscriber-level access or higher to read arbitrary files on the affected site's server, leading to information disclosure.
Score: 4.1
Severity: Medium
Version: < 2.8.5
There is a patch available in v2.8.5 and we strongly recommend you update to this version as soon as possible.