WP Film Studio by HasThemes <= 1.3.4 - Arbitrary Plugin Activation via CSRF
LANACOMMONVDB ID: d1676575-8239-4a23-838b-c43421cc3898
The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.