Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.
wpbrigade loginpress