The plugin does not have CSRF checks in some AJAX actions, allowing attackers, to make a logged in admin call them and delete arbitrary post meta as well as reset access tokens related to network via CSRF attacks
CPE | Name | Operator | Version |
---|---|---|---|
social-warfare | lt | 4.3.1 |