The plugin does not apply capability checks on the vcita_save_settings_callback function, making it possible for attackers with low privileges, like subscribers, to modify the plugin’s settings, upload media files, and conduct XSS attacks.
CPE | Name | Operator | Version |
---|---|---|---|
meeting-scheduler-by-vcita | eq | * |