CWE-352

The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.

The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.

The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.

The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.

The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.

The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks.