Description
Insufficient capability checks made it possible to disable badges a user does not have permission to access.
Remediation
References
Related Vulnerabilities
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.14)
Apache Traffic Server Integer Overflow or Wraparound Vulnerability (CVE-2018-9481)
WordPress Plugin Church Admin Cross-Site Scripting (0.856)
WordPress Plugin Spiffy Calendar Cross-Site Scripting (3.2.0)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2266)