The plugin did not properly check the CSRF nonce in the ic_orders.save() function, which could allow attackers to make a logged-in user with the edit_digital_order capability save arbitrary digital orders.
Jerome Bruandet (nintechnet.com)
WPScanTeam
Yes
2021-02-17
2021-02-17
2021-03-05