The plugin does not properly authorize post creation in it’s azh_add_post ajax action, allowing any authenticated users to create posts with any post type and status, even when that should not have this capability.
CPE | Name | Operator | Version |
---|---|---|---|
page-builder-by-azexo | eq | * |