The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The original researcher didn’t provide enough information on which actions could be performed.
CPE | Name | Operator | Version |
---|---|---|---|
theme-tweaker-lite | eq | * |
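
Because the advisory does not say which actions lack the check, one way to triage the plugin's PHP source is to list the `wp_ajax_*` and `admin_post_*` handlers whose callbacks never verify a nonce. The Python script below is an added example, not code from the plugin or the advisory; the sample PHP and the names `demo_save` and `demo_reset` are constructed, and it assumes handlers are registered with string callback names.

```python
import re

# WordPress core functions that validate a nonce (the CSRF token).
NONCE_CHECKS = ("check_admin_referer", "check_ajax_referer", "wp_verify_nonce")

# Matches add_action( 'wp_ajax_foo', 'callback' ) and add_action( 'admin_post_foo', 'callback' ).
HOOK_RE = re.compile(
    r"add_action\(\s*['\"]((?:wp_ajax_|admin_post_)[\w-]+)['\"]\s*,\s*['\"](\w+)['\"]"
)

def function_body(source, name):
    """Return the text between the braces of `function name(...) {...}`, or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[start:i]
    return None  # unbalanced braces

def hooks_without_nonce_check(source):
    """List (hook, callback) pairs whose callback never calls a nonce check."""
    findings = []
    for hook, callback in HOOK_RE.findall(source):
        body = function_body(source, callback)
        if body is not None and not any(fn in body for fn in NONCE_CHECKS):
            findings.append((hook, callback))
    return findings

# Constructed sample, not taken from any real plugin.
SAMPLE_PHP = r"""
add_action( 'admin_post_demo_save', 'demo_save' );
add_action( 'wp_ajax_demo_reset', 'demo_reset' );
function demo_save() {
    if ( isset( $_POST['css'] ) ) {
        update_option( 'demo_css', wp_unslash( $_POST['css'] ) );
    }
}
function demo_reset() {
    check_ajax_referer( 'demo_reset' );
    delete_option( 'demo_css' );
}
"""
```

A hit is a lead for manual review, not proof: a nonce may be verified in a helper the callback calls, and callbacks registered as arrays or closures are not covered.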