The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in admins perform unwanted actions (such as create/update/delete buttons, as well as update/create formats) via CSRF attacks.

CPE

Name | Operator | Version |
---|---|---|
podlove-subscribe-button | lt | 1.3.9 |