shop_options_ajax
AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to create, update and delete shipping methods. Welcart e-Commerce by Collne Inc. <= 2.8.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Method Creation, Modification and Deletion
REPORT ID: 13fcf25d-6827-40c0-b358-15f52abea947
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the
You need to log in to view the vulnerability details.