Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Make a logged in admin open the following HTML (replace __FORM_ID__
with a valid ID):
The security
field isn’t validated and the shortcode is deleted.