The plugin does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack
https://example.com/wp-admin/admin.php?page=float-menu&info;=delete&did;=1
CPE | Name | Operator | Version |
---|---|---|---|
float-menu | lt | 4.3.1 |