Description The plugin does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF
As a subscriber, open https://example.com/wp-admin/admin-ajax.php?action=test_error The attack can also be performed via CSRF by making a logged in user open the link above