PT-2024-11045 · WordPress · Kaswara Modern Vc Addons

Chloe Chamberland +2 · Published 2024-10-15 · Updated 2025-12-30 · CVE-2021-4448

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kaswara Modern VC Addons plugin for WordPress versions up to, and including, 3.0.1

Description

The plugin performs insufficient capability checks on various AJAX actions, which allows unauthenticated attackers to perform unauthorized actions. These actions include importing data, uploading arbitrary files, deleting arbitrary files, and more.

Recommendations

Installations running versions up to, and including, 3.0.1 should update to a version higher than 3.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until a patch is available. Avoid using the plugin until the issue is resolved.
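
To decide which AJAX actions need restricting, the following added example (not code from the advisory or the plugin) audits PHP source for AJAX handlers that never call current_user_can(). It assumes handlers are registered through add_action() with string callbacks; the sample source and all demo_* names are constructed for illustration.

```python
import re

# Constructed sample source; every name is hypothetical, none is Kaswara code.
SAMPLE_PHP = r"""<?php
add_action('wp_ajax_demo_import', 'demo_import');
add_action('wp_ajax_nopriv_demo_import', 'demo_import');
add_action('wp_ajax_demo_delete', 'demo_delete');
add_action('wp_ajax_demo_save', 'demo_save');
function demo_import() { update_option('demo', $_POST['data']); wp_die(); }
function demo_delete() { check_ajax_referer('demo_nonce'); demo_remove_file($_POST['file']); wp_die(); }
function demo_save() {
    if (!current_user_can('manage_options')) { wp_die('', '', 403); }
    update_option('demo', sanitize_text_field($_POST['v'])); wp_die();
}
"""

HOOK_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_(nopriv_)?([\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")

def function_body(src, name):
    """Return the text between a function's braces (naive brace counting)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """List (action, callback, exposure, has_nonce) for handlers lacking a capability check."""
    hooks = {}
    for nopriv, action, cb in HOOK_RE.findall(src):
        # wp_ajax_nopriv_* makes the action reachable without logging in.
        hooks[(action, cb)] = hooks.get((action, cb), False) or bool(nopriv)
    findings = []
    for (action, cb), nopriv in sorted(hooks.items()):
        body = function_body(src, cb)
        if "current_user_can(" in body:
            continue
        # A nonce ties a request to a rendered page; it is not authorization.
        has_nonce = bool(re.search(r"check_ajax_referer\(|wp_verify_nonce\(", body))
        exposure = "unauthenticated" if nopriv else "any-logged-in-user"
        findings.append((action, cb, exposure, has_nonce))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_PHP), sep="\n")
```

This is a text heuristic: it does not follow capability checks performed in helper functions or class methods, so each finding needs manual review.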

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2021-4448

Affected Products

Kaswara Modern Vc Addons