The plugins have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions
[addify-order-approval-woocommerce] - To make a logged in admin approve the order with ID 103 https://example.com/wp-admin/edit.php?s=&post;_status=all&post;_type=shop_order&action;=approved&m;=0&_customer_user=&paged;=1&post;[]=103&action2;=approved