Description
WordPress Plugin CF7 Manual Spam Blocker is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin CF7 Manual Spam Blocker version 1.0 is vulnerable.
Remediation
Update to plugin version 1.1.0 or latest
References
Related Vulnerabilities
WordPress Plugin Appointment Booking Calendar SQL Injection (1.1.23)
WordPress Plugin YITH Advanced Refund System for WooCommerce Security Bypass (1.0.10)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-1000658)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7984)