SECURITY VULNERABILITY: Multiple Cross-Site Request Forgery (CSRF)

[elPorcharo]

Just found the following alert on my Plesk WordPress Toolkit:

The "Details" links is taking to this page, where the suggested solution is “Deactivate and delete. No response from the vendor.”

Furthermore, my WP backend is very slow today: hope this not due to the above issue!!!

Please have a look into it as soon as possible.

Thanks!

[terri2016]

I'm hoping this is fixed soon. I have quite a few subscribers to my blog posts, I'd hate to have to move to a different plugin.

Thank you!

[BobaWebDev]

Hi @terri2016 @elPorcharo

Sorry for the troubles.

An update will be released today.

[elPorcharo]

That is great! Thank you @BobaWebDev!

[BobaWebDev]

You're welcome @elPorcharo

The update is released.

[elPorcharo]

@BobaWebDev

I've just updated the plugin, then I run the WP Tools security check to remove that notice, but I see it still detects the issue:

Could this be a cache problem? (I see the old version is still mentioned in the notice)

[BobaWebDev]

The message will show up until they test the new update and confirm the issue is fixed. The scan doesn't actually scan the code for issues, it just checks their database to see if the plugin is marked as having a vulnerability.

[elPorcharo]

Oh nice, good to know.
Thanks for the clarification and for the prompt fix!

Have a great continuation! ;-)

[BobaWebDev]

You're welcome and thank you :)

[terri2016]

Thank you for taking care of this so quickly!! I just updated my plugin.

…

On Mon, May 2, 2022 at 12:34 PM Slobodan Kustrimovic < ***@***.***> wrote: You're welcome and thank you :) — Reply to this email directly, view it on GitHub <#698 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AE6LVY3IEPEY725457WHTUDVH77YTANCNFSM5UYFK7WQ> . You are receiving this because you were mentioned.Message ID: ***@***.***>