Several plugins for WordPress created by Inisev have a security vulnerability which can allow unauthorised installation of plugins. This is due to the lack of a security check on the handle_installation function, which is called when using the inisev_installation AJAX action. This means that if an unauthenticated attacker can successfully trick a site administrator into clicking a link, they could potentially install plugins from a limited list via a fake request.