19 Sep 2019

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Settings Change in About Author

The changelog for the latest version of About Author is “* updated: Nonce and permission check.” Looking at the changes made in that version, we didn’t find any change related to permission checks, but we did notice one instance where a nonce check was added. The addition of that check fixed a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability.

