CVE-2021-24633 – Countdown Block < 1.1.2 - Missing Authorisation in AJAX action

https://notcve.org/view.php?id=CVE-2021-24633

The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users. El plugin Countdown Block de WordPress versiones anteriores a 1.1.2, no dispone de autorización en la acción AJAX eb_write_block_css, permitiendo a cualquier usuario autenticado, como Subscriber, modificar el contenido de la entrada que se muestra a usuarios • https://wpscan.com/vulnerability/431901eb-0f95-4033-b943-324e6d3844a5 • CWE-862: Missing Authorization •