CVE-2015-9390

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.
Source: NIST
CVE-2015-9390