The plugin contains a Missing Authorization vulnerability due to a missing capability check in the activecampaign_for_woocommerce_clear_error_log AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to delete error logs.