Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-cross-site-request-forgery-csrf-vulnerability
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/auto-login-new-user-after-registration/auto-login-new-user-after-registration-196-cross-site-request-forgery-to-settings-modification