Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Make an admin open an HTML page with the following HTML:
See that the plugin’s “Header Options > Toolbar Options > Title” has been updated to CSRF Title
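The fix for the missing check described above, as an added example that is not the affected plugin's code: a settings handler that refuses the update unless the request carries a valid nonce and the user has the right capability. It assumes a WordPress plugin; every `example_` name, the option key and the page slug are hypothetical.

```php
<?php
// Illustrative settings page; every "example_" name is hypothetical.
const EXAMPLE_ACTION = 'example_save_toolbar';
const EXAMPLE_NONCE  = 'example_toolbar_nonce';

add_action( 'admin_menu', function () {
    add_options_page( 'Example Toolbar', 'Example Toolbar', 'manage_options',
        'example-toolbar', 'example_render_toolbar_form' );
} );

// Form side: wp_nonce_field() embeds a token bound to the user, session and action.
function example_render_toolbar_form() {
    $title = get_option( 'example_toolbar_title', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EXAMPLE_ACTION ); ?>">
        <?php wp_nonce_field( EXAMPLE_ACTION, EXAMPLE_NONCE ); ?>
        <input type="text" name="toolbar_title" value="<?php echo esc_attr( $title ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handler side. The vulnerable pattern is this function with the two checks
// below removed: the admin's cookies alone would then authorise the change.
function example_save_toolbar() {
    // Authorisation: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // CSRF check: ends the request if the nonce is missing or invalid,
    // which is the case for a form submitted from another site.
    check_admin_referer( EXAMPLE_ACTION, EXAMPLE_NONCE );

    $title = isset( $_POST['toolbar_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['toolbar_title'] ) )
        : '';
    update_option( 'example_toolbar_title', $title );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-toolbar' ) );
    exit;
}
// admin_post_{action} fires only for logged-in users; no nopriv hook is registered.
add_action( 'admin_post_' . EXAMPLE_ACTION, 'example_save_toolbar' );
```

When reviewing a plugin for this class of bug, look for every code path that calls `update_option()` from request data and confirm each one is preceded by both a capability check and a nonce check.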