WordPress LiveSync plugin <= 1.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

2022-05-1600:00:00

Daniel Ruf

patchstack.com

0.001 Low

EPSS

Percentile

25.9%

JSON

Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress LiveSync plugin (versions <= 1.0).

Solution

Deactivate and delete. This plugin has been closed as of May 13, 2022 and is not available for download. This closure is temporary, pending a full review.