HT Politic by HasThemes <= 2.3.7 - Arbitrary Plugin Activation via CSRF
LANACOMMONVDB ID: 9c738a4e-bff0-4d83-8709-2d7a2fda13bf
The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.