CVE-2021-4355

Name of the Vulnerable Software and Affected Versions Welcart e-Commerce plugin for WordPress versions up to and including 2.2.7

Description The issue is related to missing capability checks on certain functions, specifically download orderdetail list(), change orderlist(), and download member list(), which are called via admin init hooks. This allows unauthenticated attackers to download sensitive information, including lists of members, products, and orders.

Recommendations For versions up to and including 2.2.7, update to a version that includes the necessary capability checks to prevent unauthorized access to sensitive data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.