Merge pull request #2394 from Codeinwp/vulnerability-237

Fixed vulnerability issue with author role

inc/css/class-css-handler.php

@@ -142,8 +142,8 @@ public function register_routes() {
 							},
 						),
 					),
-					'permission_callback' => function () {
-						return current_user_can( 'publish_posts' );
+					'permission_callback' => function ( $request ) {
+						return current_user_can( 'edit_post', $request->get_param( 'id' ) );
 					},
 				),
 			)
@@ -166,8 +166,8 @@ public function register_routes() {
 							},
 						),
 					),
-					'permission_callback' => function () {
-						return current_user_can( 'publish_posts' );
+					'permission_callback' => function ( $request ) {
+						return current_user_can( 'edit_post', $request->get_param( 'id' ) );
 					},
 				),
 			)