Arbitrary configuration update due to Cross Site Request Forgery (CSRF) vulnerability discovered in the WordPress WP opt-in plugin (version <= 1.4.1).
Deactivate and remove. This plugin is closed as of June 15, 2022 and cannot be downloaded.
WP Opt-in