The Countdown Block WordPress plugin prior to 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpdeveloper countdown block |