Cyber Resilience

CVE-2022-41840

High

Published: 18 November 2022
Modified: 20 February 2025
KEV Added: not listed
Patch: available
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.6574 (98.5th percentile)
Risk Priority: 54 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-41840 is a high-severity path traversal (CWE-22) vulnerability in the Welcart E-Commerce plugin for WordPress. Its CVSS v3.1 base score is 7.5 (High).

Operationally, it ranks in the top 1.5% of CVEs by EPSS exploit likelihood (98.5th percentile), but it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-41840 is an unauthenticated directory traversal vulnerability, tracked under CWE-22, that affects the Welcart eCommerce plugin for WordPress in versions 2.7.7 and earlier. The flaw received a CVSS 3.1 base score of 7.5, reflecting a network-accessible attack vector that requires no privileges or user interaction and results in high confidentiality impact with no integrity or availability impact (C:H/I:N/A:N).

An unauthenticated attacker can send specially crafted requests to the vulnerable plugin to traverse directories and read arbitrary files on the server, exposing sensitive configuration data, credentials, or other restricted content without any prior access.

Public advisories published through Patchstack document the issue and point administrators to updated plugin releases that remediate the traversal flaw. The associated EPSS score reached a peak of 0.8356 before receding to its current value of 0.6574.


Vulnerability details

Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.

CWE(s)

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: welcart
Product: welcart e-commerce
Versions: ≤ 2.7.8 as listed in this asset record. Note that the vulnerability description and analysis above give ≤ 2.7.7 as the affected range; confirm the fixed release against the vendor's changelog before closing a finding on a 2.7.8 install.

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Pathname validation (addresses CWE-22): validates pathnames and filenames so that a user-supplied path cannot resolve outside the intended directory.
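The control above is stated generically, so the following added example (not code from the Welcart plugin, Patchstack, or this page) shows the CWE-22 pattern, a file read built by concatenating a user-supplied path, beside a hardened resolver, and runs both over a constructed directory tree. The directory names, probe strings, and the helper names `resolve_under`, `is_safe_path`, `read_file_unsafe`, `read_file_safe` and `demo` are assumptions for the demonstration; the hardened version goes beyond a plain ".." check by also handling percent-encoding, null bytes, absolute paths and symlinks.

```python
import os
import shutil
import tempfile
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would leave the permitted directory."""


def resolve_under(base_dir: str, user_path: str) -> str:
    """Resolve user_path inside base_dir and return the real absolute path.

    This is the CWE-22 control: decode, reject obviously hostile input,
    resolve symlinks and '..' with realpath, then check containment.
    """
    # Percent-decode until stable so "%252e%252e" cannot hide "..".
    # Deliberately strict: a legitimate name containing '%' is also decoded.
    decoded = user_path
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if "\x00" in decoded:
        raise PathTraversalError("null byte in path")
    # os.path.join discards base_dir when the second argument is absolute,
    # so absolute input must be rejected before joining.
    if os.path.isabs(decoded) or decoded.startswith(("/", "\\")):
        raise PathTraversalError("absolute path not allowed")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    # Containment check on the *resolved* path catches both '..' and symlinks.
    if candidate != base_real and not candidate.startswith(base_real + os.sep):
        raise PathTraversalError(f"escapes base directory: {user_path!r}")
    return candidate


def is_safe_path(base_dir: str, user_path: str) -> bool:
    """Boolean form of resolve_under for callers that only need a verdict."""
    try:
        resolve_under(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


def read_file_unsafe(base_dir: str, user_path: str) -> bytes:
    """The vulnerable pattern: concatenate and open, with no validation."""
    with open(os.path.join(base_dir, user_path), "rb") as f:
        return f.read()


def read_file_safe(base_dir: str, user_path: str) -> bytes:
    """Same operation placed behind the containment check."""
    with open(resolve_under(base_dir, user_path), "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a constructed tree and probe both readers; returns label -> (unsafe, safe)."""
    root = tempfile.mkdtemp()
    try:
        base = os.path.join(root, "uploads")  # the only permitted directory
        os.makedirs(base)
        with open(os.path.join(base, "ok.txt"), "w") as f:
            f.write("public")
        with open(os.path.join(root, "secret.txt"), "w") as f:
            f.write("SECRET")  # lives outside 'uploads'
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link"))
        probes = [  # constructed attacker inputs, as the app would receive them
            ("benign", "ok.txt"),
            ("dotdot", "../secret.txt"),
            ("encoded", "%2e%2e/secret.txt"),
            ("double_encoded", "%252e%252e/secret.txt"),
            ("absolute", os.path.join(root, "secret.txt")),
            ("symlink", "link"),
            ("null_byte", "ok.txt\x00.jpg"),
        ]
        results = {}
        for label, p in probes:
            try:
                unsafe = read_file_unsafe(base, p).decode()
            except (OSError, ValueError) as e:
                unsafe = "error: " + type(e).__name__
            try:
                safe = read_file_safe(base, p).decode()
            except PathTraversalError:
                safe = "blocked"
            results[label] = (unsafe, safe)
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for label, (unsafe, safe) in demo().items():
        print(f"{label:15} unsafe={unsafe!r:32} safe={safe!r}")
```

Running it shows the unsafe reader returning the out-of-tree secret for the `../`, absolute-path and symlink probes, while the hardened reader blocks every probe except the benign one. The two points practitioners most often miss are visible in the output: `os.path.join` silently drops the base directory when given an absolute path, and a string check for `..` alone would have let the symlink probe through, which is why the containment test runs on the realpath-resolved result.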
