A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows malicious users to change the plugin settings.
custom simple rss project custom simple rss