GHSA-cx2j-wv5h-5j6vHighCVSS 8.1
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation...
🔗 CVE IDs covered (1)
📋 Description
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.