HT Portfolio by HT Plugins <= 1.1.5 - Arbitrary Plugin Activation via CSRF
LANACOMMONVDB ID: 0df99e9a-91f1-4de3-9311-8b467f51a84f
The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.