QuickSwish by HasTheme <= 1.0.9 - Arbitrary Plugin Activation via CSRF
LANACOMMONVDB ID: c5ce49fe-5bde-43c5-975d-54fa79b062a0
The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.