Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack
Make an admin open a URL like (where `<<ID>>` is a valid ID):
http://example.com/wp-admin/admin.php?page=enl-campaigns&action=campaign-delete&id=<<ID>>