AI Score
Confidence
High
EPSS
Percentile
30.0%
Description The plugin does not properly authorize access to its admin_post_remove and remove_private_data actions, allowing low privileged users (such as subscribers) to delete plugin settings.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/embedpress/embedpress-382-missing-authorization-to-authenticated-subscriber-plugin-settings-delete-via-admin-post-remove-and-remove-private-data