The plugin does not properly check for CSRF in some of its functions, allowing them to be bypassed when making a requests without the expected nonce parameter (v < 1.1.7) or with a dummy nonce value (v < 1.11.8). As a result, attackers could make users perform unwanted actions.
2021-07-20 (about 2 years ago)
2021-07-20 (about 2 years ago)
2021-07-20 (about 2 years ago)