wpvulndb | Bob Matyas | WPVDB-ID: 1A7EC5DC-EDA4-4FED-9DF9-F41D2B937FED
History: May 31, 2024 - 12:00 a.m.

Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF

Source: wpscan.com
Tags: widget bundle, csrf attack, enable/disable, version 2.0.0

AI Score: 6.2 Medium (Confidence: High)
EPSS: 0.0005 Low (Percentile: 17.1%)

Description: The plugin does not have CSRF checks when toggling widgets, which could allow attackers to make a logged-in admin enable/disable widgets via a CSRF attack. A capability check alone does not prevent this: the victim is a legitimate admin whose browser attaches the WordPress session cookies to any request a third-party page triggers, so the handler must also verify a nonce that an attacker's page cannot obtain.
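The following is an added example and not the Widget Bundle plugin's own code: a hypothetical WordPress admin action that enables/disables a widget, first in the pattern the advisory describes (capability check only, no nonce) and then hardened with a nonce verified by `check_admin_referer()`. Every identifier prefixed `wb_example_` and the option name `wb_example_disabled_widgets` are assumptions made for this illustration; only the WordPress core functions are real.

```php
<?php
/**
 * Added example, not the Widget Bundle plugin's code. Names prefixed
 * "wb_example_" and the option "wb_example_disabled_widgets" are assumed
 * for illustration; WordPress core functions are used as documented.
 */

/* Vulnerable pattern: capability check only.
 * current_user_can() cannot distinguish a request the admin meant to send
 * from one an attacker's page submitted on their behalf, because the
 * browser attaches the admin's session cookies either way. Accepting the
 * widget id from $_REQUEST also lets the toggle ride on a plain GET link.
 */
function wb_example_toggle_widget_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    $widget   = isset( $_REQUEST['widget'] ) ? sanitize_key( $_REQUEST['widget'] ) : '';
    $disabled = get_option( 'wb_example_disabled_widgets', array() );
    if ( in_array( $widget, $disabled, true ) ) {
        $disabled = array_values( array_diff( $disabled, array( $widget ) ) );
    } else {
        $disabled[] = $widget;
    }
    update_option( 'wb_example_disabled_widgets', $disabled );
    wp_safe_redirect( admin_url( 'admin.php?page=wb-example' ) );
    exit;
}

/* Hardened pattern: the settings page embeds a nonce bound to the action
 * and to the current user's session; the handler refuses to change state
 * unless that nonce is present and valid. A cross-origin page cannot read
 * the nonce, so a forged request dies before update_option() runs.
 */
function wb_example_render_toggle_form( $widget ) {
    $widget = sanitize_key( $widget );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="wb_example_toggle_widget">
        <input type="hidden" name="widget" value="<?php echo esc_attr( $widget ); ?>">
        <?php wp_nonce_field( 'wb_example_toggle_widget_' . $widget ); ?>
        <?php submit_button( 'Toggle widget' ); ?>
    </form>
    <?php
}

function wb_example_toggle_widget_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    // State changes are read from POST only; a GET link must never toggle.
    $widget = isset( $_POST['widget'] ) ? sanitize_key( $_POST['widget'] ) : '';
    if ( '' === $widget ) {
        wp_die( 'Missing widget id', 400 );
    }
    // The nonce action includes the widget id, so a nonce minted for one
    // widget cannot be replayed against another. check_admin_referer()
    // calls wp_die() itself when the nonce is absent, expired or wrong.
    check_admin_referer( 'wb_example_toggle_widget_' . $widget );

    $disabled = get_option( 'wb_example_disabled_widgets', array() );
    if ( in_array( $widget, $disabled, true ) ) {
        $disabled = array_values( array_diff( $disabled, array( $widget ) ) );
    } else {
        $disabled[] = $widget;
    }
    update_option( 'wb_example_disabled_widgets', $disabled );
    wp_safe_redirect( admin_url( 'admin.php?page=wb-example' ) );
    exit;
}

// Register only the hardened handler for the admin-post.php action.
add_action( 'admin_post_wb_example_toggle_widget', 'wb_example_toggle_widget_hardened' );
```

The nonce is the control that matters here: it is derived from the user's session token and the action string, expires within 24 hours, and is never visible to another origin, so the attacker's page described in the PoC cannot construct a request that passes `check_admin_referer()`. Restricting the handler to POST and sending state-changing requests from a form rather than a link removes the simplest GET-based variant as well.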

PoC

This PoC disables the User Registration widget. To do so, make a logged-in admin open an HTML file containing:

