AnyMind Widget <= 1.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating the setWidgetId setting, and does not have sanitisation as well as escaping applied to it, which could allow attackers to make a logged in admin put a Cross-Site Scripting payload in it via CSRF attack