CVE-2021-4355 Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the downloadorderdetaillist, changeorderlist, and downloadmemberlist functions called via admininit hooks in versions up to, and including, 2.2.7. This makes it possible for...