CVE-2023-6327

by Fred · 09/05/2024

The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them.

Date published : 2024-05-09

https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/2.7.4/includes/modules/sales-notification/class.sale_notification.php

https://plugins.trac.wordpress.org/changeset/3080097/woolentor-addons/trunk/includes/modules/sales-notification/class.sale_notification.php?contextall=1&old=3061864&old_path=%2Fwoolentor-addons%2Ftrunk%2Fincludes%2Fmodules%2Fsales-notification%2Fclass.sale_notification.php

CVE-2023-6327

Similar

Recent Posts

Categories

CVE-2023-6327

Share this:

Similar

Recent Posts

Categories

Tags