CVE-2015-9408

Name of the Vulnerable Software and Affected Versions xpinner-lite plugin versions through 2.2 for WordPress

Description The issue concerns a CSRF vulnerability with resultant XSS in the wp-admin/options-general.php endpoint. This allows for cross-site request forgery attacks that can lead to cross-site scripting.

Recommendations For versions through 2.2, update to a version that fixes this issue to prevent CSRF and resultant XSS attacks. As a temporary workaround, consider restricting access to the wp-admin/options-general.php endpoint until a patch is available.