Merge pull request #36 from nurul-umbhiya/patch-3

fix: Broken Access Control Vulnerability Issue
Appsero · Jan 16, 2024 · e447234 · e447234
2 parents c5fd458 + 5fc8f51
commit e447234
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/Insights.php b/src/Insights.php
@@ -496,6 +496,10 @@ public function handle_optin_optout()
             return;
         }
 
+        if (!current_user_can('manage_options')) {
+            return;
+        }
+
         if (isset($_GET[$this->client->slug . '_tracker_optin']) && $_GET[$this->client->slug . '_tracker_optin'] === 'true') {
             $this->optin();