Six plugins for WordPress are vulnerable to a type of cyber attack called Cross-Site Request Forgery. This attack can occur if an unauthenticated person is able to convince a website administrator to complete an action, like clicking on a link. These plugins, A3 Lazy Load, A3 Portfolio, Contact Us Page – Contact People, Dynamic Product Gallery for WooCommerce, A3 Responsive Slider, and Compare Products for WooCommerce, had versions up to and including 2.5.0, 3.0.0, 3.6.0, 2.9.0, 2.0.12, and 2.8.0 that were vulnerable to this attack. This was due to the lack of protection against the save_settings function present in all three plugins. In addition, as part of the patch, there were additional changes made to the plugins to ensure sanitization and escaping, which may have fixed other potential vulnerabilities.