Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Rasi (Patchstack Alliance) in the WordPress Auto Upload Images plugin (versions <= 3.3).
No patched version is available. No reply from the vendor.