Woo Billingo Plus by Viszt Péter <= 4.4.5.3 - CSRF
LANACOMMONVDB ID: 80ff743d-6c61-4538-9f27-7667e9309769
The plugin is lacking Cross-Site Request Forgery (CSRF) check in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license.