Integration for Billingo & Gravity Forms by Viszt Péter <= 1.0.3 - CSRF
LANACOMMONVDB ID: 4893be10-0a1d-4c74-9937-db4304c6e6c9
The plugin is lacking Cross-Site Request Forgery (CSRF) check in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license.