Feather Login Page < 1.1.2 - Missing Authorization to Non-Arbitrary User Deletion
The plugin does not check authorization when processing the ftlpp-ext-expirable-delete-user ajax action, which could allow users with roles as low as subscriber to delete temporary users generated by the plugin, furthermore it does not protect the action against CSRF attacks, allowing an...