An issue exists in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.
read and understood project read and understood 2.1