An Improper Access Controls issue in the cli_policy_generator AJAX call could allow an authenticated user with low privileges (such as a subscriber) to:

- Change the status of any post/page from published to draft, removing them from the frontend of the blog.
- Put a payload in the content of one of them, leading to Stored Cross-Site Scripting (XSS) issues.


CPE

Name | Operator | Version |
---|---|---|
cookie-law-info | lt | 1.8.3 |