Beven Nyamande

**Name of the Vulnerable Software and Affected Versions** Internal Links Manager plugin for WordPress versions through 3.0.1 **Description** The Internal Links Manager plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the link deletion functionality within the `process bulk action()` function. This allows unauthenticated attackers to delete SEO links by forging requests, provided they can trick a site administrator into performing an action. **Recommendations** Update the Internal Links Manager plugin to a version beyond 3.0.1.