WordPress · Mega Store · CVE-2025-14357
**Name of the Vulnerable Software and Affected Versions**
Mega Store Woocommerce theme for WordPress versions prior to 5.9
**Description**
The software is susceptible to unauthorized data modification because of a missing capability check within the `setup_widgets()` function located in the `core/includes/importer/whizzie.php` file. This allows authenticated attackers possessing Subscriber-level access or higher to create arbitrary pages and alter site settings.
**Recommendations**
Update to a version newer than 5.9.
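To confirm after updating that the installed copy of the importer now gates `setup_widgets()` behind a capability check, the function body can be inspected statically. The following is an added example, not code from the theme or from this advisory: the PHP samples are constructed, and the `manage_options` capability and the helper names are assumptions.

```python
import re
# Constructed PHP sample, not the theme's code; 'manage_options' is assumed.
UNPATCHED = r'''<?php
class Whizzie_Sample {
    public function setup_widgets() {
        // current_user_can( 'manage_options' ) isn't called here
        $note = "a brace in a string } is ignored";
        wp_insert_post( array( 'post_type' => 'page', 'post_title' => 'Home' ) );
        update_option( 'show_on_front', 'page' );
    }
}
'''
PATCHED = UNPATCHED.replace(
    "// current_user_can( 'manage_options' ) isn't called here",
    "if ( ! current_user_can( 'manage_options' ) ) { wp_die(); }")

def strip_strings_and_comments(src):
    """Drop PHP comments and quoted strings (heredocs are not handled)."""
    out, i, n = [], 0, len(src)
    while i < n:
        if src.startswith('/*', i):
            end = src.find('*/', i + 2)
            i = n if end < 0 else end + 2
        elif src.startswith('//', i) or src[i] == '#':
            end = src.find('\n', i)
            i = n if end < 0 else end
        elif src[i] in '\'"':
            quote, i = src[i], i + 1
            while i < n and src[i] != quote:
                i += 2 if src[i] == '\\' else 1
            i += 1
        else:
            out.append(src[i])
            i += 1
    return ''.join(out)

def has_capability_check(src, name='setup_widgets'):
    """True/False if `name` calls current_user_can(); None if not found."""
    code = strip_strings_and_comments(src)
    m = re.search(r'\bfunction\s+' + re.escape(name) + r'\s*\(', code)
    start = code.find('{', m.end()) if m else -1
    if start < 0:
        return None
    depth = 0
    for i in range(start, len(code)):
        depth += (code[i] == '{') - (code[i] == '}')
        if depth == 0:  # matching close brace of the function body
            return bool(re.search(r'\bcurrent_user_can\s*\(', code[start:i]))
    return None
```

Pass the contents of the installed `core/includes/importer/whizzie.php` to `has_capability_check()`; a result of `False` or `None` means the file should be reviewed by hand.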