Description The plugin’s access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical plugin configurations.
- Inferred parameter values
Administrator > manage_options
Editor > delete_others_posts
Author > publish_posts
Contributor > edit_posts
Subscriber > read