CVE-2021-4375 Information

Description

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to and including 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings plugin settings PHP settings and server settings.

Reference

https://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/ https://www.wordfence.com/threat-intel/vulnerabilities/id/d82e856b-c8c9-4139-ad54-89368e3b7125?source=cve