Description The plugin does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack
Make a logged in admin open https://example.com/wp-admin/admin.php?page=mwp-herd-effect&info;=delete&did;=1, this will make them delete the effect with ID 1