WordPress Plugin: floating-cart-xforwc: CVE-2021-4337: Missing Authorization

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce less than 8.2.0, Improved Product Options for WooCommerce less than 5.3.0, Improved Sale Badges for WooCommerce less than 4.4.0, Share, Print and PDF Products for WooCommerce less than 2.8.0, Product Loops for WooCommerce less than 1.7.0, XforWooCommerce less than 1.7.0, Package Quantity Discount less than 1.2.0, Price Commander for WooCommerce less than 1.3.0, Comment and Review Spam Control for WooCommerce less than 1.5.0, Add Product Tabs for WooCommerce less than 1.5.0, Autopilot SEO for WooCommerce less than 1.6.0, Floating Cart less than 1.3.0, Live Search for WooCommerce less than 2.1.0, Bulk Add to Cart for WooCommerce less than 1.3.0, Live Product Editor for WooCommerce less than 4.7.0, and Warranties and Returns for WooCommerce less than 5.3.0.