The plugin had CSRF logic flaws, which could allow attackers to bypass the CSRF in place, by either providing a dummy nonce, or no nonce at all in the requests (depending on the affected method)
2021-05-08 (about 2 years ago)
2021-05-08 (about 2 years ago)
2021-05-08 (about 2 years ago)