Description The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack
This PoC disables the User Registration widget. To do so, make a logged in admin open an HTML file containing: