CVE-2023-6327

Name of the Vulnerable Software and Affected Versions ShopLentor plugin for WordPress versions up to, and including, 2.8.7

Description The issue allows unauthorized access to data due to a missing capability check on the purchased new products function. This enables unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them.

Recommendations For ShopLentor plugin for WordPress versions up to, and including, 2.8.7, update to a version higher than 2.8.7 to resolve the issue. As a temporary workaround, consider restricting access to the purchased new products function until a patch is available.