The AJAX action save_content_front lacks any capability and CSRF checks, allowing low-privilege users to modify any page or post on the blog. This could also lead to XSS via a CSRF attack on a logged-in high-privilege user.
Jerome Bruandet (nintechnet)
No
2021-01-12 (about 2 years ago)
2021-01-12 (about 2 years ago)
2021-01-14 (about 2 years ago)
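
A hardened handler for the save_content_front action, as an added example and not the plugin's own code. The function name, the nonce action string and the `nonce`, `post_id` and `content` request fields are assumptions made for illustration.

```php
<?php
// Added illustration; not taken from the affected plugin.
// Assumed names: example_save_content_front(), the nonce action string,
// and the 'nonce' / 'post_id' / 'content' POST fields.

// Registered for logged-in users only; no wp_ajax_nopriv_ hook is added,
// so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_save_content_front', 'example_save_content_front' );

function example_save_content_front() {
    // CSRF check: the request must carry a valid nonce for this action.
    // Third argument false = return instead of dying, so we control the reply.
    if ( ! check_ajax_referer( 'example_save_content_front', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown post' ), 404 );
    }

    // Capability check against this specific post (meta capability), so a
    // low-privilege account cannot edit content it is not allowed to edit.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // $_POST is slashed by WordPress; wp_filter_post_kses() expects slashed
    // input and returns slashed output, which is what wp_update_post() wants.
    // Filtering unconditionally is defence in depth against stored XSS.
    $content = isset( $_POST['content'] ) ? wp_filter_post_kses( $_POST['content'] ) : '';

    $result = wp_update_post(
        array(
            'ID'           => $post_id,
            'post_content' => $content,
        ),
        true // return WP_Error on failure
    );

    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => 'Update failed' ), 500 );
    }

    wp_send_json_success( array( 'post_id' => $post_id ) );
}
```

The page that issues the request must output the matching nonce with `wp_create_nonce( 'example_save_content_front' )` and send it in the `nonce` field.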