My WP Translate WordPress Plugin Missing Authorization Vulnerability in Versions Through 1.1

A vulnerability exists in the My WP Translate plugin for WordPress, allowing authenticated attackers with Subscriber-level access and above to manipulate data. This issue arises from a lack of proper capability checks in the 'mtswpt_remove_plugin' and 'ajax_update_export_code' functions, present in all versions up to and including 1.1. Exploitation of this vulnerability enables the reading and deletion of arbitrary WordPress options, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability could cause a denial-of-service condition by allowing the deletion of critical WordPress options.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can use the 'ajax_remove_plugin' function to delete arbitrary WordPress options. This can be done by sending a POST request with the 'plugin_tab' parameter, specifying the option to be deleted. Additionally, the 'ajax_update_export_code' function can be used to manipulate export data without proper authorization, further exploiting the vulnerability.