The plugin does not validate the "_wpnonce" anti-CSRF token. This issue can be used to perform many actions. The action with the biggest impact is redirecting users to malicious websites. The plugin has a feature that lets specific user agent strings be configured to redirect to other destinations. By abusing this feature through CSRF, it is possible to add a user agent string that redirects users to a malicious site.
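The missing check, as an added example of a settings handler that does verify the token (not the plugin's own code). The action name uar_save_rule, the option uar_rules, the field names and the settings page slug are hypothetical; the WordPress functions are the standard core ones.

```php
<?php
// Added example. Hypothetical names: uar_save_rule, uar_rules,
// uar_user_agent, uar_destination, and the page slug "uar".

// Settings form: wp_nonce_field() emits the hidden _wpnonce field, a token
// bound to the current user, their session and the action string.
function uar_render_rule_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="uar_save_rule">
        <?php wp_nonce_field( 'uar_save_rule', '_wpnonce' ); ?>
        <input type="text" name="uar_user_agent">
        <input type="url" name="uar_destination">
        <button type="submit">Save rule</button>
    </form>
    <?php
}

add_action( 'admin_post_uar_save_rule', 'uar_handle_save_rule' );

function uar_handle_save_rule() {
    // Authorization: only administrators may change redirect rules.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // CSRF: check_admin_referer() stops the request unless _wpnonce is present
    // and valid for this action. A handler that omits this call accepts any
    // request the administrator's browser sends with its session cookie.
    check_admin_referer( 'uar_save_rule', '_wpnonce' );

    $user_agent  = isset( $_POST['uar_user_agent'] )
        ? sanitize_text_field( wp_unslash( $_POST['uar_user_agent'] ) ) : '';
    $destination = isset( $_POST['uar_destination'] )
        ? esc_url_raw( wp_unslash( $_POST['uar_destination'] ) ) : '';

    if ( '' === $user_agent || '' === $destination ) {
        wp_die( 'A user agent string and a valid destination URL are required.',
            '', array( 'response' => 400 ) );
    }

    // State change happens only after both checks have passed.
    $rules                = get_option( 'uar_rules', array() );
    $rules[ $user_agent ] = $destination;
    update_option( 'uar_rules', $rules );

    wp_safe_redirect( admin_url( 'options-general.php?page=uar' ) );
    exit;
}
```

The capability check and the nonce check answer different questions (who is asking, and whether the request came from the plugin's own form), so every state-changing handler in the plugin needs both.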