MailOptin < 1.2.35.2 - Unauthorised AJAX Call
The fetchcustomfields and fetchtags function did not have proper CSRF check and authorisation, allowing unauthorised users to call the related AJAX action via either low privilege account or CSRF attack POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...