CVE-2021-4375
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings.
We have discovered 1,155 live websites that are affected by CVE-2021-4375.
Details
- Published - Jun 7, 2023
- Updated - Dec 20, 2024
Credits
- Jerome Bruandet (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2021-4375 United States | 23 websites |
 Japan | 1,058 websites |
 Australia | 2 websites |
 Netherlands | 2 websites |
 Bulgaria | 1 websites |
 Spain | 1 websites |
 France | 1 websites |
 GB | 1 websites |
 Guatemala | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2021-4375| .com | 595 websites |
| .jp | 239 websites |
| .co.jp | 126 websites |
| .net | 94 websites |
| .org | 18 websites |
| .info | 15 websites |
| .be | 1 websites |
Websites affected by CVE-2021-4375
Top websites that are affected by CVE-2021-4375. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.com | Japan | ***,*** | |
| ***.**.jp | Japan | ***,*** | |
| ********.jp | Japan | ***,*** | |
| ******.net | Japan | ***,*** | |
| *********.com | Japan | *,***,*** | |
| ********.jp | Japan | *,***,*** | |
| *******.com | Japan | *,***,*** | |
| *******.com | Japan | *,***,*** | |
| *************.jp | Japan | *,***,*** | |
| **********.jp | Japan | *,***,*** |
FAQ
A total of 1,155 websites have been identified as vulnerable to CVE-2021-4375, based on global website indexing conducted by WebTechSurvey.
The Welcart is affected by the CVE-2021-4375 vulnerability.
Welcart versions up to 2.2.8 are vulnerable to CVE-2021-4375.
CVE-2021-4375 is resolved in version 2.2.8 of Welcart.