The plugin does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash
CPE | Name | Operator | Version |
---|---|---|---|
easy-pricing-tables | lt | 3.1.3 |