JVN recently said that a cross-site request forgery (CSRF) vulnerability had been fixed in the WordPress plugin LIQUID SPEECH BALLOON. They provided no details on that, other than that it was fixed in version 1.2. The changelog for that provides more information, as it says that it “Fixed security issue related to input in setting forms.”

…

[Read more]