CVE-2015-6523

Name of the Vulnerable Software and Affected Versions Portfolio plugin for WordPress versions prior to 1.05

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests with unspecified impact. This is achieved via a request to the "instagram-portfolio" page in "wp-admin/options-general.php".

Recommendations For versions prior to 1.05, update the Portfolio plugin to version 1.05 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/options-general.php" page and the "instagram-portfolio" functionality to minimize the risk of exploitation.