Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted.Referenceshttps://wordpress.org/plugins/winterlock/https://jvn.jp/en/jp/JVN94806805/