Description The plugin does not have authorisation and does not properly check for the user metadata to be updated via the save_users_map_name() function, allowing any authenticated users, such as subscriber to update their role and gain administrator privileges