Description The plugin does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
Make an admin open a URL (where `` is a valid id): http://example.com4/wp-admin/admin.php?page=wp_newsletter_show_items&action;=trash&id;=