CVE-2023-5953

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 4, 2023

Updated: Dec 8, 2023

CWE ID 434

Summary

CVE-2023-5953 is a vulnerability affecting the Welcart e-Commerce plugin for WordPress. This issue allows authenticated users, including subscribers, to upload arbitrary files without proper validation or authorization checks. The plugin's AJAX action handling for file uploads is also susceptible to Cross-Site Request Forgery (CSRF) attacks, exacerbating the risk. Unauthorized PHP files could be uploaded, posing a serious security threat to the server.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tQkcf3
https://www.cve.org/CVERecord?id=CVE-2023-5953
https://nvd.nist.gov/vuln/detail/CVE-2023-5953

Back to Vulnerability Database

CVE-2023-5953

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations