The AJAX action stm_update_email_data() accessible to both authenticated and unauthenticated users, as well as the /1/api/ulisting-builder/listing-single-layout/new-layout REST route did not perform capability and CSRF checks, allowing unauthenticated users to change any WordPress option.
2021-01-28 (about 2 years ago)
2021-01-28 (about 2 years ago)
2021-01-29 (about 2 years ago)