Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) in Mitsol Social Post Feed
The plugin Mitsol Social Post Feed was closed on the WordPress Plugin Directory on September 7. One of the latest Subversion repository commits for the plugin is logged as “input sanitization and other cleaning and improving done”. Looking at the changes made, we found that input sanitization was being done when saving some of the plugin’s settings. What is still missing, though, is protection against cross-site request forgery (CSRF) when saving those settings, which we notified the developer of.
…
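A settings save handler that pairs input sanitization with the CSRF check described above as missing, written as an added example and not taken from the plugin's code. The `example_feed_*` names and the single text option are hypothetical, and the form is assumed to post to WordPress's `admin-post.php`.

```php
<?php
// Added example: every name prefixed example_feed_ is hypothetical, not the plugin's.
defined( 'ABSPATH' ) || exit;

// Render the settings form (assumed to be called from a settings page callback).
// wp_nonce_field() emits a hidden token tied to the current user, their
// session, and this action name.
function example_feed_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_feed_save">
        <?php wp_nonce_field( 'example_feed_save', 'example_feed_nonce' ); ?>
        <input type="text" name="example_feed_title"
               value="<?php echo esc_attr( get_option( 'example_feed_title', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the save. Sanitizing the value (last step) cleans what is stored but
// does not prove the request was intended by the logged-in admin; the
// capability and nonce checks must pass before anything is written.
function example_feed_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Stops the request with a 403 if the nonce is absent or invalid.
    check_admin_referer( 'example_feed_save', 'example_feed_nonce' );

    $title = isset( $_POST['example_feed_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_feed_title'] ) )
        : '';
    update_option( 'example_feed_title', $title );

    // Send the admin back to the page the form was submitted from.
    $back = wp_get_referer() ?: admin_url();
    wp_safe_redirect( add_query_arg( 'updated', '1', $back ) );
    exit;
}
add_action( 'admin_post_example_feed_save', 'example_feed_save' );
```

When reviewing a fix like the commit described above, confirm that the nonce check sits on every code path that reaches `update_option()`, not only in the form markup.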