Integration for Szamlazz.hu & Gravity Forms by Viszt Péter <= 1.2.6 - CSRF
LANACOMMONVDB ID: 30aeecc6-587d-4221-afc1-05c9043f6393
The plugin is lacking Cross-Site Request Forgery (CSRF) check in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license.