WP Tools <= 3.42 is vulnerable to Auth. Arbitrary Plugin Installation vulnerability

The WP Tools plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wptools_install_plugin() function in versions up to, and including, 3.42. This makes it possible for authenticated attackers with minimal permission, such as a subscriber, to install other plugins owned by the developer on the vulnerable site. This could be used to install additional vulnerable plugins that could aid in further compromise of the site.