Description The plugin is vulnerable to Insecure Direct Object Reference via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 3.4.8 |