Continuing a trend of WordPress plugin developers claiming that real vulnerabilities are potential or possible vulnerabilities, two recent updates to the plugin Crisp, which had as their Subversion comments “Fix potential XSS issue”, involved fixing a vulnerability. That vulnerability being a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability.

…

[Read more]