Description Multiple plugins from the Inisev vendor are lacking CSRF check in the handle_installation function hooked to the inisev_installation AJAX action, allowing unauthenticated attackers to make logged in admins install plugins from Inisev on the blog via a CSRF attack