The Form Maker plugin for WordPress, called “10Web,” has a security issue called Cross-Site Request Forgery. This problem affects all versions of the plugin, up to version 1.15.21. The issue is caused by a mistake in checking for a special code that proves the legitimacy of a request. This allows people without authorization to perform certain actions on the plugin, including making changes to the “BoosterController” class. To exploit this, the attacker needs to trick a site administrator into clicking on a link.