WordPress · Image Alt Text · CVE-2024-11918
**Name of the Vulnerable Software and Affected Versions**
Image Alt Text plugin for WordPress versions up to and including 2.0.0
**Description**
The issue allows authenticated attackers with subscriber-level access and above to update the alt text on arbitrary images due to a missing capability check on the `iat_add_alt_txt_action` and `iat_update_alt_txt_action` AJAX actions.
**Recommendations**
For versions up to and including 2.0.0, update to a version higher than 2.0.0 to resolve the issue.
As a temporary workaround, consider restricting access to the `iat_add_alt_txt_action` and `iat_update_alt_txt_action` AJAX actions until a patch is available.
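One way to apply the temporary workaround is a must-use plugin that runs a capability check before the plugin's own handlers. This is an added example, not code from the Image Alt Text plugin or from this advisory. It assumes the two actions are registered under the usual `wp_ajax_` hooks with underscore-separated names, and that `upload_files` is the right minimum capability for the site. The `iat_guard_*` names are hypothetical.

```php
<?php
/**
 * Plugin Name: IAT AJAX guard (added example, not the plugin's code)
 *
 * Place in wp-content/mu-plugins/. Assumes the actions named in the advisory
 * are hooked as wp_ajax_iat_add_alt_txt_action and
 * wp_ajax_iat_update_alt_txt_action; confirm against the installed plugin.
 */

// Assumption: action slugs use underscores, as WordPress AJAX hooks normally do.
const IAT_GUARDED_ACTIONS = array(
    'iat_add_alt_txt_action',
    'iat_update_alt_txt_action',
);

/**
 * Runs at priority 0, before the plugin's handler (default priority 10),
 * and ends the request unless the caller may manage media.
 */
function iat_guard_require_media_capability() {
    // Assumption: 'upload_files' (Author and above by default) is the minimum
    // capability for editing alt text here. Subscribers do not have it.
    if ( current_user_can( 'upload_files' ) ) {
        return; // Allowed: fall through to the plugin's own handler.
    }

    // Record the blocked attempt for later review.
    error_log( sprintf(
        'iat-guard: blocked %s for user %d from %s',
        isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '-',
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '-'
    ) );

    // Sends a JSON error with HTTP 403 and exits, so the handler never runs.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

foreach ( IAT_GUARDED_ACTIONS as $iat_action ) {
    // Logged-in callers: enforce the capability check first.
    add_action( 'wp_ajax_' . $iat_action, 'iat_guard_require_media_capability', 0 );
    // Logged-out callers fail current_user_can(), so the same guard applies.
    add_action( 'wp_ajax_nopriv_' . $iat_action, 'iat_guard_require_media_capability', 0 );
}
```

Remove the file once the plugin has been updated past 2.0.0. The log lines it writes also show whether low-privileged accounts have been calling these actions.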