2025-11-21 07:31:47
Wordfence
PUBLISHED
The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wp_ajax_nopriv_checkbox_clean_log AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files.