EPSS percentile: 45.1%
The plugin does not perform a capability check on the ajax_set_featured_image function, allowing authenticated users with subscriber-level permissions to modify featured images of arbitrary posts using images from the media library.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/draw-attention/draw-attention-2011-missing-authorization-to-arbitrary-post-featured-image-modification
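
The missing check described above, shown as an added example of a hardened WordPress AJAX handler. This is not the plugin's own code: the action name, nonce action, handler name and request parameter names are assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical handler, not the Draw Attention plugin's code.
// The action name, nonce action and request parameter names are assumptions.

// Registered for logged-in users only (no wp_ajax_nopriv_ hook). That still
// includes subscribers, so the handler must authorize the caller itself.
add_action( 'wp_ajax_example_set_featured_image', 'example_ajax_set_featured_image' );

function example_ajax_set_featured_image() {
    // 1. CSRF protection. A nonce alone is not authorization: any logged-in
    //    user who can load a page that prints the nonce can replay it.
    check_ajax_referer( 'example_set_featured_image', 'nonce' );

    $post_id       = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;

    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown post.' ), 404 );
    }

    // 2. Object-level capability check, the step the advisory reports as missing.
    //    'edit_post' is a meta capability, so WordPress resolves it against this
    //    specific post (author, status, post type); a subscriber fails it.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // 3. Only accept an existing image attachment from the media library.
    if ( ! $attachment_id || ! wp_attachment_is_image( $attachment_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid image.' ), 400 );
    }

    // set_post_thumbnail() returns false on failure or when nothing changed.
    if ( ! set_post_thumbnail( $post_id, $attachment_id ) ) {
        wp_send_json_error( array( 'message' => 'Featured image not changed.' ), 500 );
    }

    wp_send_json_success( array( 'post_id' => $post_id, 'thumbnail_id' => $attachment_id ) );
}
```

When reviewing a plugin for this class of bug, look for `wp_ajax_` handlers that write post data and contain no `current_user_can()` call tied to the target post ID.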