The plugin did not check for user capability in the dmm_export_donations() function, allowing any authenticated user to export a CSV file containing all donors personal information.
GET /wp-admin/admin-post.php?action=dmm_export
Jerome Bruandet (nintechnet)
No
2021-01-22 (about 2 years ago)
2021-01-22 (about 2 years ago)
2021-01-23 (about 2 years ago)