Cross site request forgery (csrf)

The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the customwpadminslug settings, allowing unauthenticated attackers to update it with a crafted request...