Authenticated Plugin Setting change vulnerability was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress WP Shamsi plugin (versions <= 4.1.1).
Update the WordPress WP Shamsi plugin to the latest available version (at least 4.2.0).