diff --git a/dev/public/wp-content/plugins/library-testing/src/Settings_Page.php b/dev/public/wp-content/plugins/library-testing/src/Settings_Page.php
index d6f1aed..88417a8 100644
--- a/dev/public/wp-content/plugins/library-testing/src/Settings_Page.php
+++ b/dev/public/wp-content/plugins/library-testing/src/Settings_Page.php
@@ -79,6 +79,11 @@ public function send_event(): void {
 return;
 }
+ // Check if the user has the necessary permissions.
+ if ( ! current_user_can( 'manage_options' ) ) {
+ return;
+ }
+
 $number = filter_input( INPUT_POST, 'number', FILTER_VALIDATE_INT ) ?: 1;
 // Set up basic event data for each valid event.
@@ -114,6 +119,11 @@ public function clear_all_database_options() {
 return;
 }
+ // Check if the user has the necessary permissions.
+ if ( ! current_user_can( 'manage_options' ) ) {
+ return;
+ }
+
 global $wpdb;
 $query = $wpdb->prepare( "DELETE FROM {$wpdb->prefix}options WHERE `option_name` LIKE 'stellarwp_telemetry%%';" );
diff --git a/src/Telemetry/Exit_Interview/Exit_Interview_Subscriber.php b/src/Telemetry/Exit_Interview/Exit_Interview_Subscriber.php
index 85f690c..54d03ad 100644
--- a/src/Telemetry/Exit_Interview/Exit_Interview_Subscriber.php
+++ b/src/Telemetry/Exit_Interview/Exit_Interview_Subscriber.php
@@ -75,10 +75,13 @@ public function render_exit_interview() {
 * Handles the ajax request for submitting "Exit Interivew" form data.
 *
 * @since 1.0.0
+ * @since 2.3.4 - Added user capability check.
 *
 * @return void
 */
 public function ajax_exit_interview() {
+
+ // Check sent data before we do any database checks for faster failures.
 $uninstall_reason_id = filter_input( INPUT_POST, 'uninstall_reason_id', FILTER_SANITIZE_SPECIAL_CHARS );
 $uninstall_reason_id = ! empty( $uninstall_reason_id ) ? $uninstall_reason_id : false;
 if ( ! $uninstall_reason_id ) {
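Review bot: A failed capability check in send_event() exits with a bare `return;`, and the identical guard added to clear_all_database_options() in the next hunk does the same, so an unauthorized request produces no status code or message and is indistinguishable from the earlier guard's silent exit (that guard sits outside the hunk; it looks like the nonce check). Because clear_all_database_options() goes on to delete every `stellarwp_telemetry%` option, a visible rejection is worth having: `wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );` in place of `return;` in both methods, assuming these are request handlers that are allowed to terminate the request. Both methods begin before their hunks and continue after them.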
@@ -96,6 +99,7 @@ public function ajax_exit_interview() {
 $comment = filter_input( INPUT_POST, 'comment', FILTER_SANITIZE_SPECIAL_CHARS );
 $comment = ! empty( $comment ) ? $comment : '';
+ // Validate nonce.
 $nonce = filter_input( INPUT_POST, 'nonce', FILTER_SANITIZE_SPECIAL_CHARS );
 $nonce = ! empty( $nonce ) ? $nonce : '';
@@ -103,6 +107,11 @@ public function ajax_exit_interview() {
 wp_send_json_error( 'Invalid nonce' );
 }
+ // Sent data validated, check if the user has the necessary permissions.
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( 'User does not have proper permissions to modify plugins' );
+ }
+
 $telemetry = $this->container->get( Telemetry::class );
 $telemetry->send_uninstall( $plugin_slug, $uninstall_reason_id, $uninstall_reason, $comment );
diff --git a/src/Telemetry/Opt_In/Opt_In_Subscriber.php b/src/Telemetry/Opt_In/Opt_In_Subscriber.php
index ba6baec..dc18afd 100644
--- a/src/Telemetry/Opt_In/Opt_In_Subscriber.php
+++ b/src/Telemetry/Opt_In/Opt_In_Subscriber.php
@@ -45,6 +45,7 @@ public function register(): void {
 * Sets the opt-in status for the site.
 *
 * @since 1.0.0
+ * @since 2.3.4 - Added user capability check.
 *
 * @return void
 */
@@ -61,6 +62,7 @@ public function set_optin_status() {
 return;
 }
+ // Check sent data before we do any database checks for faster failures.
 // We're not attempting a telemetry action.
 if ( isset( $_POST['action'] ) && 'stellarwp-telemetry' !== $_POST['action'] ) {
 return;
@@ -71,6 +73,11 @@ public function set_optin_status() {
 return;
 }
+ // Sent data validated, check if the user has the necessary permissions.
+ if ( ! current_user_can( 'manage_options' ) ) {
+ return;
+ }
+
 $stellar_slug = Config::get_stellar_slug();
 if ( isset( $_POST['stellar_slug'] ) ) {
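Review bot: The added `// Validate nonce.` sits above two lines that only read and default the nonce; the verification itself (the `wp_send_json_error( 'Invalid nonce' )` branch appears as context in the next hunk, presumably following a wp_verify_nonce() call between the two hunks) happens after this hunk ends. `// Read the nonce; it is verified below.` describes these two lines more accurately. ajax_exit_interview() starts before this hunk.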
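Review bot: The new permission failure at `wp_send_json_error( 'User does not have proper permissions to modify plugins' )` goes out with the default HTTP 200 status, so a client or access log cannot tell an authorization failure from a successful call without parsing the body; pass the status code as the second argument, `wp_send_json_error( 'User does not have proper permissions to modify plugins', 403 );`. Placing the capability check after the nonce check is the right order, and since wp_send_json_error() ends the request no explicit return is needed after it. ajax_exit_interview() begins before this hunk.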
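Review bot: The added comment `// Check sent data before we do any database checks for faster failures.` lands directly above the existing `// We're not attempting a telemetry action.` line, producing a two-line block in which the first line describes the whole sequence of guards and the second describes only the `if` beneath it. Either fold them into one sentence, `// Bail early, before any database work, when this is not a telemetry action.`, or move the phase-level remark above the first guard, which is outside this hunk. set_optin_status() starts before this hunk.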
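Review bot: The added comment `// Sent data validated, check if the user has the necessary permissions.` overstates what has happened at this point: the guards above (the action check and, from the `return; }` context, presumably the nonce check) have run, but `$_POST['stellar_slug']` is read raw two lines below the new check, so the posted data itself has not been validated yet. Reword to `// Nonce and action verified; now check that the user has the necessary permissions.` so the comment does not suggest the later input has already been sanitized. set_optin_status() begins before this hunk and continues after it.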