Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in http:BL WordPress Plugin
We recently discovered that the http:BL WordPress Plugin has a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in version 1.9.1, and all prior versions, on the page /wp-admin/plugins.php?page=httpbl%2Fhttpbl.php.
No nonce is included on the page, leading to the CSRF issue.
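
For comparison, a WordPress admin settings handler that does include and verify a nonce, as an added example and not the http:BL plugin's own code. The page slug, option name, field name and nonce action are hypothetical; the escaping calls show the standard handling for a stored value that is echoed back into the form.

```php
<?php
// Added example: hypothetical plugin settings page. All "example_*" names are assumptions.

add_action( 'admin_menu', function () {
    add_plugins_page(
        'Example Settings', 'Example Settings',
        'manage_options',            // capability required to open the page
        'example-settings',          // hypothetical page slug
        'example_render_settings'
    );
} );

function example_render_settings() {
    // Authorization check: the nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // Stops the request via wp_die() unless the POST carries a valid
        // nonce for this action, tied to the logged-in user's session.
        // A form forged on another site cannot supply this value.
        check_admin_referer( 'example_save_settings', 'example_nonce' );

        $key = isset( $_POST['example_key'] )
            ? sanitize_text_field( wp_unslash( $_POST['example_key'] ) )
            : '';
        update_option( 'example_key', $key );
        echo '<div class="updated"><p>' . esc_html__( 'Settings saved.' ) . '</p></div>';
    }

    $key = get_option( 'example_key', '' );
    ?>
    <div class="wrap">
      <form method="post">
        <?php // Emits the hidden nonce field that check_admin_referer() verifies. ?>
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <?php // esc_attr() keeps a stored value from breaking out of the attribute. ?>
        <input type="text" name="example_key" value="<?php echo esc_attr( $key ); ?>" />
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}
```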