CVE-2019-14795

Name of the Vulnerable Software and Affected Versions Toggle The Title plugin version 1.4

Description The issue concerns a problem with the Toggle The Title plugin for WordPress. It is possible to exploit this issue via the wp-admin/admin-ajax.php endpoint, specifically through the action=update title options parameter, by manipulating the isAutoSaveValveChecked or isDisableAllPagesValveChecked parameters. This can lead to a security issue.

Recommendations For Toggle The Title plugin version 1.4, consider disabling the update title options action in the wp-admin/admin-ajax.php endpoint until a patch is available. Avoid using the isAutoSaveValveChecked or isDisableAllPagesValveChecked parameters in the affected endpoint to minimize the risk of exploitation.