The plugin lacked CSRF nonces, which could allow attackers to make logged in administrators perform unwanted actions, such as change the plugin's settings via a CSRF attack.
No
2021-01-13 (about 2 years ago)
2021-01-13 (about 2 years ago)
2021-01-15 (about 2 years ago)