The plugin does not have CSRF checks in some places, for example when deleting/updating images. Furthermore, it does not ensure that the images to be deleted are actually images, which could allow attackers to make logged-in admins delete arbitrary posts via a CSRF attack.
CPE

Name | Operator | Version |
---|---|---|
mabel-shoppable-images-lite | lt | 1.2.4 |
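
The two missing checks described above (a CSRF nonce and a check that the target really is one of the plugin's images), shown in a WordPress AJAX delete handler. This is an added example, not the plugin's own code: the action name, nonce action, request field names and post type are hypothetical placeholders.

```php
<?php
// Added example. All EXAMPLE_* names, the 'nonce' and 'id' request fields and
// the wp_ajax_ action name are hypothetical, not the plugin's real identifiers.
const EXAMPLE_NONCE_ACTION    = 'example_delete_shoppable_image';
const EXAMPLE_IMAGE_POST_TYPE = 'example_shoppable_image';

// The admin page that triggers the request must send
// wp_create_nonce( EXAMPLE_NONCE_ACTION ) in the 'nonce' field.
add_action( 'wp_ajax_example_delete_shoppable_image', 'example_delete_shoppable_image' );

function example_delete_shoppable_image() {
    // 1. CSRF check: a forged cross-site request cannot supply a valid nonce.
    //    With $die = false the function returns false instead of exiting,
    //    so the handler can answer with an explicit 403.
    if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    $post_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( 0 === $post_id ) {
        wp_send_json_error( array( 'message' => 'Missing image id.' ), 400 );
    }

    // 2. Type check: only objects of the plugin's own type may be deleted
    //    through this endpoint, so it cannot be pointed at arbitrary posts.
    //    get_post_type() returns false for a non-existent id, which also fails here.
    if ( get_post_type( $post_id ) !== EXAMPLE_IMAGE_POST_TYPE ) {
        wp_send_json_error( array( 'message' => 'Not a shoppable image.' ), 400 );
    }

    // 3. Authorization: the nonce proves intent, not permission.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    if ( ! wp_delete_post( $post_id, true ) ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }

    // wp_send_json_* terminates the request after sending the response.
    wp_send_json_success( array( 'deleted' => $post_id ) );
}
```

The same nonce and type checks apply to the update path, which the description lists as also lacking CSRF protection.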