Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings change discovered by Julien Ahrens (RCE Security) in the WordPress BeCustom premium plugin (versions <= 1.0.5.2).
Update the WordPress BeCustom plugin to the latest available version (at least 1.0.5.3).