We’re Open! by Design Extreme <= 1.45 - Subscriber+ Arbitrary Special Opening Hour Deletion
LANACOMMONVDB ID: b3ca22bc-6159-43ff-b083-2fec9ed6a6d4
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when deleting a special opening hour, which could allow any authenticated users, such as subscriber to delete arbitrary special opening hour.