The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack
[
{
"cpes": [
"cpe:2.3:a:wordpress_scan:Modal_window:*:*:*:*:*:*:*:*"
],
"vendor": "wordpress_scan",
"product": "Modal_window",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
}
]