The plugin does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash
https://example.com/wp-admin/edit.php?post_type=easy-pricing-table&page=ept3-list&action=trash&post=1
Krzysztof Zając
Krzysztof Zając
Yes
2022-02-01 (about 12 months ago)
2022-02-01 (about 12 months ago)
2022-04-13 (about 9 months ago)