CVE-2021-24892
The CVE-2021-24892 issue affects WordPress Advanced Forms (Free & Pro) prior to 1.6.9. Affected component: edit function handling user email updates via insecure direct object reference (IDOR). Root cause: authenticated users can exploit IDOR to modify arbitrary users’ email addresses and trigger...