Description The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, edit, delete, enable, disable, and sort items.