From 9b23218fdd9d86260d813f221c1b8d93d9ff7bb0 Mon Sep 17 00:00:00 2001
From: Camwyn
Date: Fri, 25 Apr 2025 13:42:18 -0400
Subject: [PATCH] Proposed additional security tweaks.

---
 .../plugins/library-testing/src/Settings_Page.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/dev/public/wp-content/plugins/library-testing/src/Settings_Page.php b/dev/public/wp-content/plugins/library-testing/src/Settings_Page.php
index d6f1aed..88417a8 100644
--- a/dev/public/wp-content/plugins/library-testing/src/Settings_Page.php
+++ b/dev/public/wp-content/plugins/library-testing/src/Settings_Page.php
@@ -79,6 +79,11 @@ public function send_event(): void {
 return;
 }
 
+ // Check if the user has the necessary permissions.
+ if ( ! current_user_can( 'manage_options' ) ) {
+ return;
+ }
+
 $number = filter_input( INPUT_POST, 'number', FILTER_VALIDATE_INT ) ?: 1;
 
 // Set up basic event data for each valid event.
@@ -114,6 +119,11 @@ public function clear_all_database_options() {
 return;
 }
 
+ // Check if the user has the necessary permissions.
+ if ( ! current_user_can( 'manage_options' ) ) {
+ return;
+ }
+
 global $wpdb;
 
 $query = $wpdb->prepare( "DELETE FROM {$wpdb->prefix}options WHERE `option_name` LIKE 'stellarwp_telemetry%%';" );
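Review bot: The new capability guard in `send_event()` fails silently: an unauthorized request hits a bare `return;`, so the caller gets no 403 and nothing records the denied attempt. The same applies to the identical guard added in `clear_all_database_options()`. Ending the request explicitly, e.g. `wp_die( 'Insufficient permissions.', 403 );`, makes the denial visible to the client and to anyone reading access logs. How these methods are hooked is not visible here, so confirm that terminating the request suits the entry point. The check is also duplicated verbatim in both methods; a small private helper would keep the required capability in one place. Both functions start and end outside their hunks, so the guard that precedes each new check could not be reviewed.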
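Review bot: The `$wpdb->prepare()` call that follows the new guard in `clear_all_database_options()` has no placeholders and no arguments, so it only collapses `%%` to `%` and adds no protection. The statement contains no user input, so this is not an injection risk. It is worth tightening because this is a destructive DELETE: the `_` in `stellarwp_telemetry` is a single-character wildcard in LIKE, so the pattern matches slightly more than the literal prefix. Passing the pattern as a value fixes both, and `$wpdb->options` is the canonical table property: `$wpdb->prepare( "DELETE FROM {$wpdb->options} WHERE option_name LIKE %s", $wpdb->esc_like( 'stellarwp_telemetry' ) . '%' )`. The rest of the function, including how `$query` is executed, lies outside the hunk.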