CVE-2022-4140

Name of the Vulnerable Software and Affected Versions Welcart e-Commerce WordPress plugin versions prior to 2.8.5

Description The issue is related to the use of files and directories accessible to external parties. It does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server.

Recommendations For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the server until the update is applied.