The plugin does not have authorisation check when updating its settings, which could allow unauthenticated users, such as subscriber to update them (such as the change the MailChimp API key, 404 page settings etc)
CPE | Name | Operator | Version |
---|---|---|---|
jeg-elementor-kit | lt | 2.5.7 |