A popular plugin called Super Page Cache for Cloudflare used in WordPress has a security vulnerability. This problem affects versions up to 4.7.5 and is called Cross-Site Request Forgery. It happens because the plugin did not properly check for a security code (called a nonce) when using the admin_menu_page_index() function. This means that someone who is not authorized can change the plugin’s settings by tricking a website administrator into doing something, like clicking on a link.