Description The plugin does not have authorisation check in its events_receiver function, allowing unauthenticated users to create/update/delete posts/taxonomy, install/activate/deactivate plugin, update the customizer settings as well as create/update/delete arbitrary users
CPE | Name | Operator | Version |
---|---|---|---|
instawp-connect | eq | 0.0.9.19 |