Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request. This vulnerability is the same as CVE-2023-5534, but was reintroduced in version 4.9.2.