Wpams
Monthly
Arbitrary content deletion in the WPAMS WordPress plugin (versions prior to 49.5.3) by Mojoomla allows any authenticated subscriber-level user to delete content they are not authorized to remove. Rooted in a missing authorization check (CWE-862), this flaw bypasses WordPress capability controls entirely for deletion operations. No active exploitation has been identified in CISA KEV, and no public proof-of-concept has been disclosed at time of analysis, but the low privilege bar - a standard subscriber account - makes exploitation trivially accessible to any registered site user.
Arbitrary content deletion in the WPAMS WordPress plugin (versions prior to 49.5.3) by Mojoomla allows any authenticated subscriber-level user to delete content they are not authorized to remove. Rooted in a missing authorization check (CWE-862), this flaw bypasses WordPress capability controls entirely for deletion operations. No active exploitation has been identified in CISA KEV, and no public proof-of-concept has been disclosed at time of analysis, but the low privilege bar - a standard subscriber account - makes exploitation trivially accessible to any registered site user.