Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.
View the template here CVE-2022-41840.yaml
References:
https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve