False Vulnerability Report: Cross-Site Request Forgery / Persistent Cross-Site Scripting in Easy Facebook Like Box – Custom Facebook Feed – Auto PopUp 4.3.0
As part of cataloging the vulnerabilities in WordPress plugins for our service, we come across false reports of vulnerabilities from time to time. So that others don’t spend their time looking over these as well, we post our findings on them. The data on these false reports is also included in our service’s data.
As with the other false report of a claimed cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability from the same reporter, the claim of one in Easy Facebook Like Box – Custom Facebook Feed – Auto PopUp version 4.3.0 seems to be based on a lack of understanding of what this type of vulnerability actually involves.