I have run a vulnerability scan and these notifications show up
----------------------------------------------------
User credentials are sent in clear text
-----------------------------------------------------
..../operator/login.php
..../operator/restore.php
------------------------------------------------------
HTML form without CSRF protection
------------------------------------------------------
..../operator/login.php
..../operator/restore.php
how can we avoid these vulnalbilities???