PT-2023-16772 · WordPress · Shopping Cart & Ecommerce Store

Shreya Pohekar · Published 2023-04-03 · Updated 2025-02-14 · CVE-2023-1124

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Shopping Cart & eCommerce Store WordPress plugin, versions prior to 5.4.3

Description

The issue allows authenticated users with admin privileges to perform Local File Inclusion (LFI) attacks due to a lack of validation of HTTP requests. LFI attacks involve tricking an application into accessing or including files on the server that it should not, potentially leading to sensitive information disclosure or code execution.

Recommendations

For versions prior to 5.4.3, update to version 5.4.3 or later to resolve the issue. As a temporary workaround, consider restricting admin privileges to trusted users only until the update can be applied.

Exploit

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2023-1124

Affected Products

Shopping Cart & Ecommerce Store