https://www.pluginvulnerabilities.com/2017/07/19/cross-site-request-forgery-csrfsettings-change-vulnerability-in-share-buttons-by-addthis/

We recently found that the plugin Share Buttons by AddThis had a cross-site request forgery (CSRF)/settings change vulnerability. When setting the plugin’s settings by clicking the Save Options button on the plugin’s settings page proper protection against CSRF exist, but it doesn’t for an alternate method when the plugin is set be controlled from “AddThis.com”.

When it is controlled that way

Powered by WPeMatico