PT-2020-20706 · Idx Broker · Impress For Idx Broker

Published: 2020-04-07 · Updated: 2021-07-21 · CVE-2020-9514

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: IMPress for IDX Broker plugin versions prior to 2.6.2

Description: An issue was discovered that allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages via the create dynamic page and delete dynamic page functions in wrappers.php.

Recommendations: For versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider restricting the Subscriber role's capabilities to minimize the risk of exploitation.

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2020-9514

Affected Products: Impress For Idx Broker