Merge pull request #37 from Appsero/develop

fix: Broken Access Control Vulnerability Issue
Appsero · Jan 16, 2024 · 38d0e8f · 38d0e8f
2 parents 54cb34f + e447234
commit 38d0e8f
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/Insights.php b/src/Insights.php
@@ -496,6 +496,10 @@ public function handle_optin_optout()
             return;
         }
 
+        if (!current_user_can('manage_options')) {
+            return;
+        }
+
         if (isset($_GET[$this->client->slug . '_tracker_optin']) && $_GET[$this->client->slug . '_tracker_optin'] === 'true') {
             $this->optin();