Vulnerability Details: Cross-Site Request Forgery (CSRF) in Rate my Post – WP Post Rating
One of the changelog entries for the latest version of Rate my Post – WP Post Rating is “Improvement: Enhanced security”. Looking at the changes made in that version, the first changes shown added protection against cross-site request forgery (CSRF) to a number of functions accessible to those logged in to WordPress through its AJAX functionality. One of those is the function for changing the plugin’s settings. A CSRF vulnerability in that type of function can often be used to cause cross-site scripting (XSS), but in this case the developer had implemented sanitization to avoid that. So what could be done through the vulnerability looks to be limited to things like resetting the settings.
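The pattern described above, as an added example (hypothetical plugin code, not Rate my Post's own): AJAX handlers for logged-in users that verify a nonce before changing or resetting settings, and sanitize what they store. The `example_*` names, the `settings` and `nonce` request fields and the `example-admin` script handle are assumptions.

```php
<?php
// Added example: hypothetical plugin code, not taken from Rate my Post.
// Every example_* name, request field and script handle is an assumption.
const EXAMPLE_OPTION       = 'example_rating_settings';
const EXAMPLE_NONCE_ACTION = 'example_save_settings';

// wp_ajax_* hooks run only for logged-in users; the browser attaches their
// session cookies to any request, including one triggered by another site.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );
add_action( 'wp_ajax_example_reset_settings', 'example_reset_settings' );

// Hand the nonce to the plugin's own admin script so its requests carry it.
// Assumes a script with the handle 'example-admin' is enqueued elsewhere.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'nonce' => wp_create_nonce( EXAMPLE_NONCE_ACTION ),
    ) );
} );

function example_authorize_request() {
    // CSRF check: a page on another origin cannot read this value, so a
    // request lacking it is rejected even though the cookies are valid.
    if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }
    // Authorization is a separate question from CSRF; check both.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
}

function example_save_settings() {
    example_authorize_request(); // wp_send_json_error() ends the request on failure
    $raw = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] ) : array();
    // Sanitizing on save is what keeps a settings change from becoming stored XSS.
    $clean = array(
        'label'     => sanitize_text_field( $raw['label'] ?? '' ),
        'max_stars' => min( 10, max( 1, absint( $raw['max_stars'] ?? 5 ) ) ),
    );
    update_option( EXAMPLE_OPTION, $clean );
    wp_send_json_success( $clean );
}

function example_reset_settings() {
    example_authorize_request(); // a reset changes state too, so it needs the nonce
    delete_option( EXAMPLE_OPTION );
    wp_send_json_success();
}
```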
…