antihacker_install_plugin
AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to install and activate arbitrary plugins from WordPress.org repository. AntiHacker by Bill Minozzi <= 4.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
REPORT ID: a0ede324-76b5-4447-a5b6-44337f9b9451
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the
You need to log in to view the vulnerability details.