feed-blacklist.php is run every time when website is displayed.
wprss_check_if_blacklist_delete() is run on init action.
Administrator privileges are NOT checked when we pass
Proof of Concept:
Anyone can delete any posts.
For example delete post
- 08-11-2014: Discovered
- 08-11-2014: Vendor notified
- 10-11-2014: Version 4.6.4 released, issue resolved