WordPress · Welcart E-Commerce · CVE-2022-4140
**Name of the Vulnerable Software and Affected Versions**
Welcart e-Commerce WordPress plugin versions prior to 2.8.5
**Description**
The issue is related to the use of files and directories accessible to external parties. It does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server.
**Recommendations**
For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the server until the update is applied.