CVE-2021-24215

Name of the Vulnerable Software and Affected Versions: Controlled Admin Access WordPress plugin versions prior to 1.5.2

Description: An Improper Access Control issue was discovered, allowing uncontrolled access to website customization functionality and global CMS settings, such as "/wp-admin/customization.php" and "/wp-admin/options.php", which can lead to a complete compromise of the target resource.

Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/customization.php" and "/wp-admin/options.php" endpoints until a patch is available.