The plugin is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks
https://example.com/wp-admin/admin.php?page=counter-box&id=1&action=activate https://example.com/wp-admin/admin.php?page=counter-box&id=1&action=deactivate
Raad Haddad
Raad Haddad
Yes
2022-07-08 (about 1 months ago)
2022-07-08 (about 1 months ago)
2022-07-08 (about 1 months ago)