Report
Multiple ServMask Plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the init() function hooked via admin_init in various versions. This makes it possible for unauthenticated attackers to modify the access token which could result in sensitive information disclosure or unauthorized back-up restoration.
Score:7.3
Severity:High
Version: 3.75
There is a patch available in v3.76 and we strongly recommend you update to this version as soon as possible.
