The Prevent Landscape Rotation plugin for WordPress is vulnerable to a type of security attack called Cross-Site Request Forgery (also known as CSRF). This type of attack lets a malicious actor manipulate a website administrator into making changes to a website’s settings without their consent. In this case, the vulnerability affects versions up to and including 2.0 of this plugin, as it does not have the correct security measures in place to protect against this type of attack. A malicious actor could exploit this vulnerability by tricking a website administrator into clicking on a malicious link, which would then allow them to change the settings of the plugin.