CVE-2021-24190

Name of the Vulnerable Software and Affected Versions: WooCommerce Conditional Marketing Mailer WordPress plugin versions prior to 1.5.2

Description: The issue allows low-privileged users to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog. This could lead to the installation of vulnerable plugins, potentially resulting in more critical vulnerabilities.

Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action 'cp plugins do button job later callback' until the update is applied.