The plugins is affected by multiple CSRF issues, allowing arbitrary changes of the plugin's settings. November 3rd, 2019 - WordPress Plugin Team Notified November 5th, 2019 - WP Plugins Team acknowledgments of the issue. December 2nd, 2019 - v3.2.2 released, none of the CSRF have been fixed as the nonces have only been set in AJAX actions. December 8th, 2019 - WP Plugins Team notified again December 10th, 2019 - Plugin closed for review December 11th, 2019 - v3.2.3 Released, fixing the issues December 22nd, Plugin re-opened
Share this page: Sharing Facebook Twitter LinkedIn Copy Text