Cross-Site Request Forgery (CSRF) vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin (versions <= 0.99).
Patched version not available according to WordFence.
wordpress.org/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/
www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/