CVE-2022-1570
CVE-2022-1570 affects the WordPress Files Download Delay plugin (versions prior to 1.0.7). The root cause is missing authorization checks and CSRF protections when resetting plugin settings, allowing any authenticated user (e.g., subscribers) to perform the action. Remediation: upgrade to version...