Ovic Product Bundle <= 1.1.2 is vulnerable to Broken Access Control vulnerability

The Ovic Product Bundle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_bundle_product() function hooked via a nopriv AJAX action in versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to remove bundled products.