The plugin does not have CSRF check when saving its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow attacker to make a logged in admin change them via a CSRF attack and put Cross-Site Scripting payloads in them.
CPE | Name | Operator | Version |
---|---|---|---|
link-optimizer-lite | eq | * |