exopite-sof-file-batch-delete
AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to delete arbitrary attachment. WP Shamsi by wpvar <= 4.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Deletion
REPORT ID: ea3b5bb4-d69a-4346-be3c-bd93cdb06ee8
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the
You need to log in to view the vulnerability details.