The plugin does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack
https://example.com/wp-admin/admin.php?page=wp125_addedit&deletead=1
Krzysztof Zając
Krzysztof Zając
Yes
2021-12-23 (about 1 years ago)
2021-12-23 (about 1 years ago)
2022-04-10 (about 9 months ago)