The Add Expires Headers & Optimized Minify plugin for WordPress has a security flaw in versions up to 2.7. This means that unauthenticated attackers could change settings related to minifying and caching data by trying to trick a site administrator into doing something like clicking on a link. This is because the plugin does not have the right kind of protection (called a nonce) to make sure that the request is legitimate.