WordPress · Wp Adminify · CVE-2026-1060
**Name of the Vulnerable Software and Affected Versions**
WP Adminify plugin for WordPress versions up to and including 4.0.7.7
**Description**
The WP Adminify plugin for WordPress is susceptible to exposure of sensitive information. The issue resides in the `/wp-json/adminify/v1/get-addons-list` API endpoint, which lacks proper authentication. Specifically, the `permission_callback` is set to `__return_true`, enabling unauthenticated attackers to access a complete list of available addons, including their installation status, version numbers, and download URLs.
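The registration pattern described above, next to a restricted form, as an added illustration that is not WP Adminify's source code or its actual patch. The function names, the HTTP method, the `install_plugins` capability and the sample payload are assumptions; only the namespace and route come from the advisory.

```php
<?php
// Added example: NOT the plugin's code. All example_* names are hypothetical.

// Pattern from the advisory: the permission check always passes, so the
// route answers requests that carry no cookie, nonce or application password.
function example_register_addons_route_open() {
    register_rest_route( 'adminify/v1', '/get-addons-list', array(
        'methods'             => WP_REST_Server::READABLE, // assumption: GET
        'callback'            => 'example_get_addons_list',
        'permission_callback' => '__return_true',
    ) );
}

// Restricted form: the callback ties access to a capability that only
// users allowed to manage plugins hold (capability choice is an assumption).
function example_register_addons_route_restricted() {
    register_rest_route( 'adminify/v1', '/get-addons-list', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_addons_list',
        'permission_callback' => function () {
            return current_user_can( 'install_plugins' );
        },
    ) );
}

// Handler shared by both registrations. The payload is constructed sample
// data with the kinds of fields the advisory lists.
function example_get_addons_list( WP_REST_Request $request ) {
    return rest_ensure_response( array(
        array(
            'name'         => 'sample-addon',
            'installed'    => true,
            'version'      => '0.0.0',
            'download_url' => 'https://example.invalid/sample-addon.zip',
        ),
    ) );
}

// Only the restricted registration is hooked.
add_action( 'rest_api_init', 'example_register_addons_route_restricted' );
```

With the restricted form, WordPress rejects the request before the handler runs: a request without credentials receives HTTP 401 and a logged-in user lacking the capability receives HTTP 403.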
**Recommendations**
Update to version 4.0.7.8 or later.