From 50554035566b6ddbc27f50acb39b03e9e11f1a4a Mon Sep 17 00:00:00 2001
From: Ilnur Basyrov <ilnur.basyrov@lightspeedhq.com>
Date: Fri, 13 Feb 2026 15:36:11 +0400
Subject: [PATCH] PLUGINS-6345

---
 CHANGELOG.txt                            | 3 +++
 ecwid-shopping-cart.php                  | 2 +-
 includes/class-ec-store-admin-access.php | 4 ++++
 readme.txt                               | 5 ++++-
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index ee9f912f..85f1870a 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,4 +1,7 @@
 == Changelog ==
+= 7.0.8 - Feb 13, 2026 =
+- **Plugin code improvements for better security. Ecwid ecommerce shopping cart plugin update recommended.**
+
 = 7.0.7 - Jan 29, 2026 =
 - **Plugin code improvements for better security. Ecwid ecommerce shopping cart plugin update recommended.**
 
diff --git a/ecwid-shopping-cart.php b/ecwid-shopping-cart.php
index 4b3bb5dd..72e7ff76 100644
--- a/ecwid-shopping-cart.php
+++ b/ecwid-shopping-cart.php
@@ -5,7 +5,7 @@
 Description: Ecwid by Lightspeed is a full-featured shopping cart. It can be easily integrated with any Wordpress blog and takes less than 5 minutes to set up.
 Text Domain: ecwid-shopping-cart
 Author: Ecwid Ecommerce
-Version: 7.0.7
+Version: 7.0.8
 Author URI: https://go.lightspeedhq.com/ecwid-site
 License: GPLv2 or later
 */
diff --git a/includes/class-ec-store-admin-access.php b/includes/class-ec-store-admin-access.php
index 75e7ad55..ba779a93 100644
--- a/includes/class-ec-store-admin-access.php
+++ b/includes/class-ec-store-admin-access.php
@@ -31,6 +31,10 @@ public function save_custom_user_profile_fields( $user_id ) {
 			return;
 		}
 
+        if ( ! $this->can_grant_access() ) {
+            return;
+        }
+
 		$user = new WP_User( $user_id );
 
 		if ( ! empty( $_POST['ec_store_admin_access'] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
diff --git a/readme.txt b/readme.txt
index d7064cd5..a8337682 100644
--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 Requires at least: 4.4
 Tested up to: 6.9
-Stable tag: 7.0.7
+Stable tag: 7.0.8
 
 Powerful, easy to use ecommerce shopping cart for WordPress. Sell on Facebook and Instagram. iPhone & Android apps. Superb support.
 
@@ -152,6 +152,9 @@ You can use Ecwid’s built-in import tools to copy your store products from any
 * [Ecwid Help Center](http://help.ecwid.com "Ecwid Help")
 
 == Changelog ==
+= 7.0.8 - Feb 13, 2026 =
+- **Plugin code improvements for better security. Ecwid ecommerce shopping cart plugin update recommended.**
+
 = 7.0.7 - Jan 29, 2026 =
 - **Plugin code improvements for better security. Ecwid ecommerce shopping cart plugin update recommended.**