CVE-2021-4355
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.
We have discovered 1,155 live websites that are affected by CVE-2021-4355.
Details
- Published - Jun 7, 2023
- Updated - Dec 28, 2024
Credits
- Jerome Bruandet (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2021-4355 United States | 23 websites |
 Japan | 1,058 websites |
 Australia | 2 websites |
 Netherlands | 2 websites |
 Bulgaria | 1 websites |
 Spain | 1 websites |
 France | 1 websites |
 GB | 1 websites |
 Guatemala | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2021-4355| .com | 595 websites |
| .jp | 239 websites |
| .co.jp | 126 websites |
| .net | 94 websites |
| .org | 18 websites |
| .info | 15 websites |
| .be | 1 websites |
Websites affected by CVE-2021-4355
Top websites that are affected by CVE-2021-4355. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.com | Japan | ***,*** | |
| ***.**.jp | Japan | ***,*** | |
| ********.jp | Japan | ***,*** | |
| ******.net | Japan | ***,*** | |
| *********.com | Japan | *,***,*** | |
| ********.jp | Japan | *,***,*** | |
| *******.com | Japan | *,***,*** | |
| *******.com | Japan | *,***,*** | |
| *************.jp | Japan | *,***,*** | |
| **********.jp | Japan | *,***,*** |
FAQ
A total of 1,155 websites have been identified as vulnerable to CVE-2021-4355, based on global website indexing conducted by WebTechSurvey.
The Welcart is affected by the CVE-2021-4355 vulnerability.
Welcart versions up to 2.2.8 are vulnerable to CVE-2021-4355.
CVE-2021-4355 is resolved in version 2.2.8 of Welcart.