CVE-2023-1124: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2023-1124 affects the WordPress plugin Shopping Cart & eCommerce Store (wp-easycart) versions below 5.4.3. This security flaw was discovered and publicly disclosed on March 13, 2023. The vulnerability allows authenticated users with administrative privileges to perform Local File Inclusion (LFI) attacks due to improper validation of HTTP requests (WPScan).

The vulnerability is classified as a Local File Inclusion (LFI) with a CVSS score of 6.8 (medium severity) and is mapped to CWE-22. The flaw exists in the product import functionality where the plugin fails to properly validate the 'importfileurl' parameter in HTTP requests. This vulnerability falls under the OWASP Top 10 category A1: Injection (WPScan).

When exploited, this vulnerability allows authenticated administrators to read arbitrary files on the server through path traversal techniques. While the impact is somewhat limited by the requirement of administrative privileges and the fact that only the first line of the targeted file is obtained in the response, it still represents a significant security risk as it could expose sensitive system information (WPScan).

The vulnerability has been fixed in version 5.4.3 of the Shopping Cart & eCommerce Store plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).