Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_delete_expired_used_coupon_code

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcal_delete_expired_used_coupon_code function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate vulnerability.