PT-2019-7384 · WordPress · Social-Locker

Published: 2019-09-26 · Updated: 2019-09-26 · CVE-2015-9425

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Social-Locker plugin for WordPress, versions prior to 4.2.5.

Description: The vulnerability is a cross-site request forgery (CSRF) with resultant cross-site scripting (XSS) in the Social-Locker plugin for WordPress. It is triggered via the licensekey parameter of the admin endpoint "/wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next".

Recommendations: For versions prior to 4.2.5, update to version 4.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the /wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next endpoint to minimize the risk of exploitation, and avoid using the licensekey parameter on the affected endpoint until the issue is resolved.
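As an added illustration, not the plugin's own code: a hypothetical hardened version of a WordPress admin settings page that accepts a licensekey field, showing the two controls that address this vulnerability class, a nonce check on the save request (against CSRF) and escaping on output (against the resultant XSS). All names prefixed sociallocker_example_ are assumptions; the WordPress API calls themselves are real.

```php
<?php
// Hypothetical hardened admin page handler (not the plugin's actual code).
// Assumes it is registered with add_submenu_page() under
// edit.php?post_type=opanda-item with slug license-manager-sociallocker-next.

function sociallocker_example_license_page() {
    // Authorization: only users who may manage options reach the form.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    if ( isset( $_POST['licensekey'] ) ) {
        // CSRF mitigation: the nonce proves the POST originated from this
        // form, rendered for this logged-in user, not from a third-party page.
        // check_admin_referer() dies with an error when the nonce is invalid.
        check_admin_referer( 'sociallocker_example_save', 'sociallocker_example_nonce' );

        // Input sanitization: strip tags/control characters before storing.
        $licensekey = sanitize_text_field( wp_unslash( $_POST['licensekey'] ) );
        update_option( 'sociallocker_example_license_key', $licensekey );
    } else {
        $licensekey = get_option( 'sociallocker_example_license_key', '' );
    }
    ?>
    <div class="wrap">
        <h1>License manager (example)</h1>
        <form method="post"
              action="<?php echo esc_url( admin_url( 'edit.php?post_type=opanda-item&page=license-manager-sociallocker-next' ) ); ?>">
            <?php wp_nonce_field( 'sociallocker_example_save', 'sociallocker_example_nonce' ); ?>
            <label for="licensekey">License key</label>
            <!-- XSS mitigation: escape on output regardless of input handling,
                 so a stored or reflected value can never break out of the attribute. -->
            <input type="text" id="licensekey" name="licensekey"
                   value="<?php echo esc_attr( $licensekey ); ?>">
            <?php submit_button( 'Save license key' ); ?>
        </form>
    </div>
    <?php
}
```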


Tags: CSRF


Related Identifiers: CVE-2015-9425

Affected Products: Social-Locker