DPD Baltic Shipping by DPD <= 1.2.57 - Authenticated (Subscriber+) Arbitrary Option Deletion
REPORT ID: de2b3f05-7766-482e-84df-715fcd450557
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the delete_warehouse AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to delete arbitrary site options, which could make the blog unavailable.
You need to log in to view the vulnerability details.