The plugin does not have CSRF check in place in some of its action (such as clear cache and stats as well as update template status), which could allow attackers to make a logged in admin call them via CSRF attacks
CPE | Name | Operator | Version |
---|---|---|---|
download-manager | lt | 3.2.49 |