The plugin does not have authorisation and CSRF checks in some of its AJAX actions, which could allow any authenticated user, such as a subscriber, to retrieve sensitive information about the server.
CPE

Name | Operator | Version
---|---|---
perfect-woocommerce-brands | lt | 2.0.5
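The class of flaw described above, shown as a WordPress AJAX handler without the two checks next to a hardened form. This is an added example, not code from the plugin: the action names, function names, nonce field name `nonce` and the choice of the `manage_woocommerce` capability are assumptions made for illustration.

```php
<?php
// Added illustration. All "example_*" names are hypothetical and are not
// taken from the plugin's source.

// Data the handler returns: details about the server environment.
function example_collect_status() {
    return array(
        'php_version' => phpversion(),
        'wp_version'  => get_bloginfo( 'version' ),
    );
}

// Before: a wp_ajax_* hook only guarantees that the caller is logged in.
// With no capability or nonce check, every role down to subscriber can
// call the action, and so can a cross-site request made in their session.
add_action( 'wp_ajax_example_status_unchecked', 'example_status_unchecked' );
function example_status_unchecked() {
    wp_send_json_success( example_collect_status() );
}

// After: verify the nonce (CSRF) and the capability (authorisation).
// The two checks are independent; a valid nonce does not prove privilege.
add_action( 'wp_ajax_example_status_checked', 'example_status_checked' );
function example_status_checked() {
    // Third argument false: return the result instead of dying, so the
    // handler can answer with a JSON error. Expects the nonce in the
    // request field "nonce" (assumed field name).
    if ( ! check_ajax_referer( 'example_status', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // Assumed capability: restrict to users who manage the shop.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    wp_send_json_success( example_collect_status() );
}

// The matching nonce is created with wp_create_nonce( 'example_status' )
// and should only be printed on admin screens that already require the
// same capability, so lower-privileged users never receive one.
```

`wp_send_json_error()` ends the request, so neither failed check falls through to the data-returning call.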