Unauthenticated users could install/activate/deactivate arbitrary plugins, including install one from a remote source under their control (by having $_REQUEST['ccDestin'] set to external and $_REQUEST['ccFileUrl'] to the remote ZIP file)
Jerome Bruandet (nintechnet)
No
2020-12-17 (about 1 years ago)
2020-12-17 (about 1 years ago)
2020-12-18 (about 1 years ago)