The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
https://wpscan.com/vulnerability/b1bd4216-798a-4e45-a0ba-3699f0af3c7a/