Traffic Manager <= 1.4.5 is vulnerable to Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)

The Traffic Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.