WordPress WIP Custom Login Plugin by ThemeinProgress <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Reset Plugin Settings
REPORT ID: 15934778-1045-4f3c-bcaf-1bbd32aceff3
The plugin contains a Missing Authorization vulnerability due to a missing capability check, which makes it possible for authenticated attackers with a role as low as subscriber to reset plugin settings.
You need to log in to view the vulnerability details.