Several plugins for WordPress are vulnerable to Cross-Site Request Forgery (CSRF). This means that unauthenticated attackers can reset the plugin’s settings by tricking a site administrator into clicking a link or performing another action. The affected plugins are a3 Lazy Load (version 2.6.0 or lower), Contact Us Page – Contact People (version 3.6.1 or lower), a3 Portfolio (version 3.0.1 or lower), Dynamic Product Gallery for WooCommerce (version 3.0.1), a3 Responsive Slider (version 2.2.0 or lower), Compare Products for WooCommerce (version 2.8.2 or lower), Products Quick View for WooCommerce (version 2.0.1 or lower), Product Sort and Display for WooCommerce (version 2.2.2 or lower), and WP Email Template (version 2.6.2 or lower). This vulnerability is caused by a lack of nonce validation on the reset_settings() function.