Cross Site Request Forgery (CSRF) Vulnerability | WordPress.org

Resolved wmosquini
(@wmosquini)

2 months, 2 weeks ago

Hi everyone,

I recently received a security report integrated into PatchStack identifying a Cross-Site Request Forgery (CSRF) vulnerability in version 4.3.1.

Below is the link to the PatchStack report: https://patchstack.com/database/wordpress/plugin/related-posts-thumbnails/vulnerability/wordpress-related-posts-thumbnails-plugin-for-wordpress-plugin-4-3-1-cross-site-request-forgery-csrf-vulnerability

Is there an estimated release date for the patch?

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Support Abdul Wahab
(@abdulwahab610)

2 months, 2 weeks ago

Hey, @wmosquini

Thank you for reporting the issue — it has been fixed. We’ll release the update as soon as it’s approved by the reporter.

Thanks again.

Plugin Support Abdul Wahab
(@abdulwahab610)

1 month, 4 weeks ago

Hey, @wmosquini

We’ve released Related Posts Thumbnails v4.3.2, which includes the fix for the reported security vulnerability.

Thank you for your patience and for helping us improve the plugin — we truly appreciate the support from the open-source community.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

6 replies
5 participants
Last reply from: Abdul Wahab
Last activity: 1 month, 4 weeks ago
Status: resolved