Broken Access Control leading to plugin settings change by the subscriber or higher role user vulnerability discovered by ptsfence (Patchstack) in WordPress Optinly plugin (versions <= 1.0.11).
No patched version is available. No reply from the vendor.