fix to coderabbit's qa

Author: kaeizen

src/lazy-components/cimo/index.php

@@ -75,10 +75,19 @@ public function enqueue_script() {
 				return;
 			}
 
+			$is_installed = self::is_plugin_installed();
+
+			// Prevent exposing Cimo plugin status and action URLs to users lacking the necessary install or activate plugin capabilities.
+			if ( ( ! $is_installed && ! current_user_can( 'install_plugins' ) ) ||
+				 ( $is_installed && ! current_user_can( 'activate_plugins' ) )
+			) {
+				return;
+			}
+
 			$cimo_status = 'activated';
 			$cimo_action = '';
 
-			if ( ! self::is_plugin_installed() ) {
+			if ( ! $is_installed ) {
 				$cimo_status = 'not_installed';
 				$cimo_action = wp_nonce_url(
 					add_query_arg(
@@ -104,6 +113,11 @@ public function enqueue_script() {
 				);
 			}
 
+			// No need to expose plugin status and action URL if it's activated.
+			if ( $cimo_status === 'activated' ) {
+				return;
+			}
+
 			$data = array(
 				'status' => $cimo_status,
 				'action' => html_entity_decode( $cimo_action ),