Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcal_delete_expired_used_coupon_code function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 5.16.1 |