Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through <= 1.1.
The vulnerability results from insufficient CSRF token verification in requests directed to the WP Options Editor plugin. An attacker can prepare a malicious website or link that, when opened by a logged-in WordPress user, executes an unauthorized HTTP request on their behalf. In this way, it is possible to modify WordPress options in a manner leading to privilege escalation in the system.
An attacker can obtain elevated privileges in a WordPress instance, potentially taking control of the entire website or gaining administrative access.
Patches available from the vendor should be applied according to the references. If an update is not available, it is recommended to immediately disable or remove the WP Options Editor plugin.
The WP Options Editor plugin by Mike Selander in versions from its inception through 1.1 inclusive.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H