Free WooCommerce Theme 99fy Extension by HasThemes <= 1.2.7 - Arbitrary Plugin Activation via CSRF
LANACOMMONVDB ID: 8fd2fd5d-bebd-4d1e-b09c-ce5db9a2b1c4
The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.