Welcart e-Commerce, CVE-2021-4375

CVE, Research URL: CVE-2021-4375
Home page URL: Security reports for Welcart e-Commerce
Application: Welcart e-Commerce
Published on: Jun 07, 2023
Research Description: The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings.
Affected versions: Min -, max 2.8.22.
Status: vulnerable