Lisa_Westlund

#40368 of 53,633
6.8 Total CVSS
Vulnerabilities · 1
PT-2015-7286
6.8
2015-08-19
WordPress · Portfolio Plugin · CVE-2015-6523
**Name of the Vulnerable Software and Affected Versions**

Portfolio plugin for WordPress versions prior to 1.05

**Description**

A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests with unspecified impact. This is achieved via a request to the "instagram-portfolio" page in "wp-admin/options-general.php".

**Recommendations**

For versions prior to 1.05, update the Portfolio plugin to version 1.05 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/options-general.php" page and the "instagram-portfolio" functionality to minimize the risk of exploitation.