Due to lack of CSRF validation, a logged in user is potentially vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum.
Upgrade to the latest version v0.7.0
You can cherry-pick the following commit: https://github.com/psychobunny/nodebb-plugin-blog-comments/commit/cf43beedb05131937ef46f365ab0a0c6fa6ac618
Visit https://community.nodebb.org if you have any questions about this issue or on how to patch / upgrade your instance.