The ByREV WP-PICShield WordPress plugin is vulnerable to CSRF.
When updating the plugin options, several parameters in the issued POST request are written directly to the .htaccess file within the WordPress root directory. An attacker may be able to insert arbitrary lines into the .htaccess file, reconfiguring it to redirect to another website or other malicious actions.
While all plugin options can be updated by an attacker via CSRF, the following parameter values are directly inserted into .htaccess:
The attached PoC demonstrates a CSRF payload which rewrites the victim's .htaccess file to redirect to an attacker-controlled website.