The changelog for the latest version of the WordPress plugin Super Progressive Web Apps suggests a vulnerability might have been fixed, as one of the entries says in part “Fixed Broken Access Control vulnerability”. Looking at the changes made in that version, we found that a minor issue was addressed. Previously, anyone could access functionality to sign up for a newsletter or hide a form for the newsletter.

…

[Read more]