Report
The Widget Options plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the widgetopts_ajax_hide_rating() function in versions up to, and including, 4.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss a ratings notice.
Score:4.3
Severity:Medium
Version: 4.0.8
There is a patch available in v4.0.9 and we strongly recommend you update to this version as soon as possible.
