Vulnerability Details: Privilege Escalation in Feedburner Alternative and RSS Redirect Plugin
One of the changelog entries for the latest version of Feedburner Alternative and RSS Redirect Plugin (RSS Redirect & Feedburner Alternative) is “Security patches”. Looking at the changes made in that version, we found that a number of security changes were made. While some of the changes didn’t really make sense (sanitization was added where it isn’t needed, or where a different security improvement was what was actually called for), we found that protection against cross-site request forgery (CSRF) and a capabilities check were added to several AJAX-accessible functions, which restricts lower-level users from making changes only intended to be made by Administrators.
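As an added illustration (this is not the plugin’s code and not taken from the page), here is what that kind of fix looks like for a WordPress AJAX handler. The handler names, the `example_save_settings` action, the `redirect_url` field and the option name are all assumed for the example. The unprotected version is reachable by any logged-in user, since `wp_ajax_` hooks only require a session, not a particular role, and it can also be triggered by a forged request from another site; the hardened version adds the nonce check (CSRF) and the capability check (authorization) that the changelog’s “Security patches” describe.

```php
<?php
// Added illustration, not the plugin's code. All names below are hypothetical.

// BEFORE: reachable by any logged-in user via
// admin-ajax.php?action=example_save_settings, and callable through a forged
// cross-site request made while an Administrator is logged in (CSRF).
// Not registered here; shown only for comparison.
function example_save_settings_unprotected() {
    $redirect = isset( $_POST['redirect_url'] ) ? $_POST['redirect_url'] : '';
    update_option( 'example_redirect_url', $redirect );
    wp_send_json_success();
}

// AFTER: CSRF protection plus a capabilities check before any change is made.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_protected' );
function example_save_settings_protected() {
    // Dies with a 403/-1 response unless the 'nonce' field carries a valid
    // nonce for this action, tying the request to the user's own session.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // A valid nonce only proves the request was not forged; authorization is a
    // separate question. Only Administrators (manage_options) may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient privileges', 403 );
    }

    $redirect = isset( $_POST['redirect_url'] )
        ? esc_url_raw( wp_unslash( $_POST['redirect_url'] ) )
        : '';
    update_option( 'example_redirect_url', $redirect );
    wp_send_json_success();
}

// The admin page that issues the request must embed a matching nonce for the
// JavaScript to send back as the 'nonce' POST field.
add_action( 'admin_enqueue_scripts', 'example_enqueue_settings_script' );
function example_enqueue_settings_script() {
    wp_enqueue_script( 'example-settings', plugins_url( 'settings.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-settings', 'exampleSettings', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_save_settings' ),
    ) );
}
```

The two checks address different weaknesses and neither substitutes for the other: `check_ajax_referer()` stops cross-site forgery but would happily accept a Subscriber’s own nonce if one were obtainable, while `current_user_can()` enforces who is allowed to make the change regardless of how the request was produced. A fix that adds only input sanitization, as some of the plugin’s other changes apparently did, leaves both problems in place.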
…