The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected