The AJAX action la_save_front_editor lacks any capability and CSRF checks, allowing low-privilege users to modify the plugin's settings. Because some settings are not sanitised, this could also lead to a Stored XSS issue, which will be triggered when a user is logged in.
Jerome Bruandet (nintechnet)
No
2021-01-12 (about 2 years ago)
2021-01-12 (about 2 years ago)
2021-01-13 (about 2 years ago)
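The three controls the la_save_front_editor handler is described as missing, shown as an added example that is not the plugin's own code or its actual fix. It assumes it runs inside WordPress; the nonce action `la_front_editor_save`, the option name `la_front_editor_settings`, the setting keys and the `la_example_*` function names are hypothetical.

```php
<?php
// Added example of a hardened wp_ajax_ handler. Names other than the
// la_save_front_editor action are hypothetical, not taken from the plugin.

// Register the authenticated hook only; no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_la_save_front_editor', 'la_example_save_front_editor' );

function la_example_save_front_editor() {
    // 1. CSRF: the settings page must send a nonce created with
    //    wp_create_nonce( 'la_front_editor_save' ) in the 'nonce' field.
    if ( ! check_ajax_referer( 'la_front_editor_save', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // 2. Authorisation: being logged in is not enough to change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Sanitisation: accept only known keys, each with a fitting filter.
    $raw = array();
    if ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) ) {
        $raw = wp_unslash( $_POST['settings'] );
    }
    $title   = isset( $raw['title'] ) && is_string( $raw['title'] ) ? $raw['title'] : '';
    $message = isset( $raw['message'] ) && is_string( $raw['message'] ) ? $raw['message'] : '';

    $clean = array(
        'title'   => sanitize_text_field( $title ), // plain text, tags stripped
        'message' => wp_kses_post( $message ),      // limited, safe HTML only
    );

    update_option( 'la_front_editor_settings', $clean );
    wp_send_json_success();
}

// Output side: escape again when rendering, so a value stored before the
// fix (or written by another code path) cannot execute as script.
function la_example_render_settings() {
    $settings = get_option( 'la_front_editor_settings', array() );
    $title    = isset( $settings['title'] ) ? $settings['title'] : '';
    $message  = isset( $settings['message'] ) ? $settings['message'] : '';

    echo '<h2>' . esc_html( $title ) . '</h2>';
    echo '<div>' . wp_kses_post( $message ) . '</div>';
}
```

The capability to require depends on who is meant to edit these settings; `manage_options` is used here as an assumption.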