AI Score: 6.4 (Medium), Confidence: High
EPSS: 0.001 (Low), Percentile: 20.0%
Description: The plugin does not properly authorize access to its admin_post_remove and remove_private_data actions, allowing low-privileged users (such as subscribers) to delete plugin settings.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/embedpress/embedpress-382-missing-authorization-to-authenticated-subscriber-plugin-settings-delete-via-admin-post-remove-and-remove-private-data