HT Mega < 2.3.4 - Arbitrary Plugin/Theme Activation via CSRF

Description The plugin does not have CSRF checks in various functions in its admin/include/template-library.php file, which could allow attackers to make logged in admins activate plugins/themes via CSRF attacks