CVE-2021-4355
published 2023-06-07CVE-2021-4355: The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list()…
PriorityP430medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.81%
52.2th percentile
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uscnanbu | welcart_e-commerce | < 2.2.8 | 2.2.8 |
| welcart | welcart_e-commerce | <= 2.2.7 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/https://www.wordfence.com/threat-intel/vulnerabilities/id/671f5ba5-1f18-49fa-aa97-eaebdb3417bb?source=cvehttps://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/https://www.wordfence.com/threat-intel/vulnerabilities/id/671f5ba5-1f18-49fa-aa97-eaebdb3417bb?source=cve
2023-06-07
Published