CVE-2014-9401

Name of the Vulnerable Software and Affected Versions WP Limit Posts Automatically plugin version 0.7 and earlier

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the lpa post letters parameter in the "wp-limit-posts-automatically.php" page to "wp-admin/options-general.php".

Recommendations For WP Limit Posts Automatically plugin version 0.7 and earlier, consider disabling access to the wp-limit-posts-automatically.php page until a patch is available. Avoid using the lpa post letters parameter in the affected page to minimize the risk of exploitation.