Broken Access Control vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress Permalink Manager Lite plugin (versions <= 2.2.20).
Update the WordPress Permalink Manager Lite plugin to the latest available version (at least 2.2.20.1).