Description
Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations.
Remediation
References
Related Vulnerabilities
WordPress Plugin Custom Admin Page by BestWebSoft Cross-Site Scripting (0.1.1)
Oracle Database Server CVE-2015-0370 Vulnerability (CVE-2015-0370)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.22)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35626)
WordPress Plugin WP Page Builder Cross-Site Scripting (1.2.8)