Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Naoki Ogawa (Cryptography Laboratory in Tokyo Denki University) in WordPress Stetic plugin (versions <= 1.0.8).
Update the WordPress Stetic plugin to the latest available version (at least 1.0.9).