Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack
Make an admin open a URL like (where <>
is a valid ID): http://example.com/wp-admin/admin.php?page=enl-campaigns&action;=campaign-delete&id;=<>