Aarondeee

**Name of the Vulnerable Software and Affected Versions** alpine-photo-tile-for-instagram plugin versions prior to 1.2.7.6 **Description** The issue concerns a CSRF vulnerability that can lead to XSS. It is exploited via the "tab" parameter in the "/wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings" API endpoint. **Recommendations** For versions prior to 1.2.7.6, update the alpine-photo-tile-for-instagram plugin to version 1.2.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings" endpoint until the update is applied. Avoid using the `tab` parameter in the affected endpoint until the issue is resolved.