The plugin does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans
https://example.com/wp-admin/admin.php?page=aicp_banned_user_details&action=delete&id=1
Krzysztof Zając
Krzysztof Zając
Yes
2022-04-05 (about 1 years ago)
2022-04-05 (about 1 years ago)
2022-04-13 (about 1 years ago)