Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), enabling CSRF attacks.Referenceshttps://github.com/emlog/emlog/security/advisories/GHSA-xc26-93qj-rcrw
