One Click SSL <= 1.4.6 - Multiple Issues
The settings page and AJAX methods such as ajax_enable_ssl(), ajax_scan() and so on lack CSRF and authorisation checks, which could allow unauthorised settings changes and allow a low-privileged user to call the AJAX methods. It could also allow arbitrary site options to be updated, due to the way update_option() and update_site_option() are used in the admin() and admin_network() functions.
Fixed in version 1.4.7
|Publicly Published|2019-07-11 (13 days ago)|
|Added|2019-07-11 (12 days ago)|
|Last Updated|2019-07-16 (7 days ago)|
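
The checks whose absence is described above, written as a hardened WordPress AJAX settings handler. This is an added example, not the plugin's code or its 1.4.7 fix; the hook names, nonce action and option names are hypothetical.

```php
<?php
// Added example, not One Click SSL code. Hook names, nonce action and
// option names below are hypothetical.
defined( 'ABSPATH' ) || exit;

// Allow-list: option name => sanitiser. Nothing else is ever written.
const EXAMPLE_SSL_OPTIONS = array(
	'example_ssl_enabled' => 'absint',
	'example_ssl_areas'   => 'sanitize_key',
);

function example_ssl_save( $network ) {
	// Authorisation: any logged-in user can reach a wp_ajax_* hook.
	$cap = $network ? 'manage_network_options' : 'manage_options';
	if ( ! current_user_can( $cap ) ) {
		wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
	}
	// CSRF: nonce is read from the _ajax_nonce or _wpnonce request field.
	if ( false === check_ajax_referer( 'example_ssl_save', false, false ) ) {
		wp_send_json_error( array( 'message' => 'invalid nonce' ), 403 );
	}

	$in = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
		? wp_unslash( $_POST['settings'] )
		: array();

	$saved = array();
	// Iterate the allow-list, not the request, so unknown keys are ignored.
	foreach ( EXAMPLE_SSL_OPTIONS as $name => $sanitize ) {
		if ( ! isset( $in[ $name ] ) || ! is_scalar( $in[ $name ] ) ) {
			continue;
		}
		$saved[ $name ] = call_user_func( $sanitize, $in[ $name ] );
		if ( $network ) {
			update_site_option( $name, $saved[ $name ] );
		} else {
			update_option( $name, $saved[ $name ] );
		}
	}
	wp_send_json_success( $saved );
}

add_action( 'wp_ajax_example_ssl_save', function () {
	example_ssl_save( false );
} );
add_action( 'wp_ajax_example_ssl_save_network', function () {
	example_ssl_save( true );
} );
```

The admin page that issues the request would generate the matching token with `wp_create_nonce( 'example_ssl_save' )` and send it as the `_ajax_nonce` field.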