cve/2023/CVE-2023-6120.md

CVE-2023-6120

Description

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.

POC

Reference

No PoCs from references.

Github

• https://github.com/fkie-cad/nvd-json-data-feeds