The plugin does not have authorisation in some AJAX actions, allowing any authenticated users, such as subscriber, to call them and delete arbitrary post meta as well as reset access tokens related to network
CPE | Name | Operator | Version |
---|---|---|---|
social-warfare | lt | 4.3.1 |