Privilege Escalation Vulnerability in WordPress Hosting Benchmark tool
The changelog for the latest version of the WordPress plugin WordPress Hosting Benchmark tool is “fixed CSRF bug and WP nonce check vulnerability reported by patchstack.com, Dhabaleshwar Das.” In looking into that, we found that a more serious issue than cross-site request forgery (CSRF) was involved and that it wasn’t fully fixed.
…