CVE-2021-4355 Information

Description

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to and including 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products, and orders.
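The bug class described above, as an added example that is not Welcart's code: an export handler hooked to admin_init without and with an authorization check. Every `myshop_` name, the `myshop_export` parameter, the nonce action and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Hypothetical plugin code (not Welcart's); all myshop_* names are assumptions.

// VULNERABLE pattern. admin_init also fires for requests to admin-ajax.php and
// admin-post.php, which WordPress serves to logged-out visitors, so a callback
// hooked here runs with no login or role check unless it performs one itself.
// Registration is left commented out on purpose; shown for contrast only.
// add_action( 'admin_init', 'myshop_export_members_unsafe' );
function myshop_export_members_unsafe() {
    if ( isset( $_GET['myshop_export'] ) && 'members' === $_GET['myshop_export'] ) {
        myshop_send_member_csv(); // no capability check, no nonce
        exit;
    }
}

// HARDENED pattern: same trigger, but the caller must hold an administrative
// capability and present a valid nonce before any data leaves the site.
add_action( 'admin_init', 'myshop_export_members' );
function myshop_export_members() {
    if ( ! isset( $_GET['myshop_export'] ) || 'members' !== $_GET['myshop_export'] ) {
        return; // not our request; let admin_init continue normally
    }
    // Authorization: false for logged-out visitors and low-privilege accounts.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to export member data.', '', array( 'response' => 403 ) );
    }
    // CSRF protection: dies unless _wpnonce matches this action for this user.
    check_admin_referer( 'myshop_export_members' );
    myshop_send_member_csv();
    exit;
}

// Streams a minimal CSV of user IDs and e-mail addresses to the response.
function myshop_send_member_csv() {
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="members.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'ID', 'email' ) );
    foreach ( get_users( array( 'fields' => array( 'ID', 'user_email' ) ) ) as $user ) {
        fputcsv( $out, array( $user->ID, $user->user_email ) );
    }
    fclose( $out );
}
```

When reviewing a plugin for this pattern, check every admin_init callback that reads request parameters for a current_user_can() call ahead of its first side effect or output.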

Reference

https://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/
https://www.wordfence.com/threat-intel/vulnerabilities/id/671f5ba5-1f18-49fa-aa97-eaebdb3417bb?source=cve
