CVE-2015-9433

Name of the Vulnerable Software and Affected Versions wp-social-bookmarking-light plugin versions prior to 1.7.10

Description The issue concerns a CSRF vulnerability that can lead to XSS, specifically via configuration parameters for social media platforms such as Tumblr, Twitter, and Facebook. This vulnerability is exploited in the wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php endpoint.

Recommendations For versions prior to 1.7.10, update the wp-social-bookmarking-light plugin to version 1.7.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration parameters for social media platforms in the affected endpoint until the update is applied.