The plugin does not perform authorisation checks in various AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One of those actions could allow such a user to rewrite the URLs of static files (JS, CSS, etc.) to point at a malicious CDN under their control, which could lead to XSS.
CPE

Name | Operator | Version |
---|---|---|
flying-press | lt | 3.9.7 |
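To show the class of bug the advisory describes, the following is an added illustration in generic WordPress plugin code; it is not code from the FlyingPress plugin, and the action, handler and option names (myplugin_save_cdn_url, myplugin_cdn_url) are hypothetical. The first handler is the vulnerable pattern: a `wp_ajax_` hook fires for every logged-in user, so registering the action is not itself an authorisation check. The second is the hardened form with a nonce, a capability check and URL validation.

```php
<?php
// Added illustration, not FlyingPress code. All names below are hypothetical.

// --- Vulnerable pattern -------------------------------------------------------
// wp_ajax_{action} fires for every authenticated user regardless of role.
// Registered under its own action name here only for contrast; a real plugin
// should never ship this handler.
add_action( 'wp_ajax_myplugin_save_cdn_url_insecure', 'myplugin_save_cdn_url_insecure' );

function myplugin_save_cdn_url_insecure() {
    // No nonce and no capability check: a subscriber can submit this request
    // and repoint every enqueued JS/CSS asset at a host of their choosing.
    $cdn = isset( $_POST['cdn_url'] ) ? wp_unslash( $_POST['cdn_url'] ) : '';
    update_option( 'myplugin_cdn_url', $cdn );
    wp_send_json_success();
}

// --- Hardened pattern ---------------------------------------------------------
add_action( 'wp_ajax_myplugin_save_cdn_url', 'myplugin_save_cdn_url_secure' );

function myplugin_save_cdn_url_secure() {
    // 1. CSRF protection: the request must carry a nonce issued to this user
    //    for this action (wp_create_nonce( 'myplugin_save_cdn_url' ) on the
    //    settings page). check_ajax_referer() dies on failure.
    check_ajax_referer( 'myplugin_save_cdn_url', 'nonce' );

    // 2. Authorisation: changing where site-wide assets load from is an
    //    administrative action, so require a capability subscribers never hold.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 3. Input validation: accept only an absolute http(s) URL, so the stored
    //    value cannot smuggle in a javascript: scheme or a relative path.
    $raw = isset( $_POST['cdn_url'] ) ? wp_unslash( $_POST['cdn_url'] ) : '';
    $cdn = esc_url_raw( $raw, array( 'http', 'https' ) );
    if ( '' === $cdn || false === wp_http_validate_url( $cdn ) ) {
        wp_send_json_error( 'invalid URL', 400 );
    }

    update_option( 'myplugin_cdn_url', $cdn );
    wp_send_json_success();
}
```

When auditing a plugin for this issue, list every `add_action( 'wp_ajax_...' )` registration and confirm that each callback reaches `current_user_can()` (with an appropriate capability) and `check_ajax_referer()` before it writes any option; the capability check is the part that stops a subscriber, and the nonce is what stops the same request being forged through an administrator's browser.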