2 matches found
Deeper Comments <= 2.1.1 - Subscriber+ Arbitrary Options Update
Description: The plugin does not have authorisation in its updateoptions AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options like defaultrole etc...
WordPress Deeper Comments Plugin <= 2.1.1 is vulnerable to Settings Change
Software: Deeper Comments
Type: Plugin
Vulnerable versions: <= 2.1.1
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Settings Change
CVE: N/A
Patch priority: High
CVSS severity: High 8.8
PSID: 319b7c9766ae
Credits: Jerome Bruandet
Required privilege: Subscriber...