CVE-2021-24633

The CVE concerns the Countdown Block WordPress plugin (versions before 1.1.2). The issue is missing authorization in the eb_write_block_css AJAX action, enabling any authenticated user (e.g., Subscriber) to modify post contents displayed to users, impacting integrity of content. The root cause is...