The plugin does not have a CSRF check in place for its settings, and does not sanitise or escape them, which could allow attackers to make a logged-in admin change them and perform Cross-Site Scripting attacks against them.
CPE

Name | Operator | Version |
---|---|---|
tarteaucitronjs | lt | 1.6 |
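
The two controls the description says are missing, shown in a minimal WordPress settings handler. This is an added example, not the plugin's own code: the option name, action name, field name and page slug are hypothetical, and it assumes a single free-text setting.

```php
<?php
/**
 * Plugin Name: Example Settings Hardening (hypothetical, for illustration)
 */

const EX_OPTION = 'ex_banner_text';   // hypothetical option name
const EX_ACTION = 'ex_save_settings'; // hypothetical action and nonce name

add_action( 'admin_menu', function () {
    add_options_page( 'Example', 'Example', 'manage_options', 'ex-settings', 'ex_render_settings' );
} );

function ex_render_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EX_ACTION ); ?>">
        <?php wp_nonce_field( EX_ACTION, 'ex_nonce' ); // token bound to this user and action ?>
        <input type="text" name="ex_banner_text"
               value="<?php echo esc_attr( get_option( EX_OPTION, '' ) ); // escape on output ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

add_action( 'admin_post_' . EX_ACTION, function () {
    // Capability check: only users who may manage options can save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // CSRF check: stops the request if the nonce is missing or invalid,
    // so a forged cross-site form post cannot change the setting.
    check_admin_referer( EX_ACTION, 'ex_nonce' );

    // Sanitise on save: strip tags and control characters before storing.
    $raw = isset( $_POST['ex_banner_text'] ) ? wp_unslash( $_POST['ex_banner_text'] ) : '';
    update_option( EX_OPTION, sanitize_text_field( $raw ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=ex-settings' ) );
    exit;
} );
```

Escaping at output is kept even though the value is sanitised on save, because values already stored by a vulnerable version remain in the database after an upgrade.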