7 High
AI Score
Confidence
High
Description The plugin does not have authorisation in its update_options AJAX action, allowing any authenticated users, such as subscribers to update arbitrary blog options (like default_role etc)
blog.nintechnet.com/high-severity-vulnerability-in-wordpress-deeper-comments-plugin-unpatched/
www.wordfence.com/threat-intel/vulnerabilities/id/f1cbe675-4c0f-430a-b2db-85ba8605d172