CVE-2023-1124

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt