Security analysts at Patchstack have discovered that the popular plugin is vulnerable to CVE-2023-34000, an unauthenticated insecure direct object reference (IDOR) flaw that could expose sensitive details to attackers.
Source: cyware.com