CVE-2023-7067

Name of the Vulnerable Software and Affected Versions ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution plugin for WordPress versions up to, and including, 2.8.1

Description The issue is related to unauthorized modification of data due to a missing capability check on the woolentor template store function. This allows authenticated attackers with contributor access and above to access the nonce used to access this function and set a blank template as the default template.

Recommendations For versions up to, and including, 2.8.1, update to a version higher than 2.8.1 to resolve the issue. As a temporary workaround, consider restricting access to the woolentor template store function to minimize the risk of exploitation. Ensure that only authorized users have contributor access and above to prevent unauthorized modification of data.