CVE-2015-9432

Name of the Vulnerable Software and Affected Versions alpine-photo-tile-for-instagram plugin versions prior to 1.2.7.6

Description The issue concerns a CSRF vulnerability that can lead to XSS. It is exploited via the "tab" parameter in the "/wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings" API endpoint.

Recommendations For versions prior to 1.2.7.6, update the alpine-photo-tile-for-instagram plugin to version 1.2.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings" endpoint until the update is applied. Avoid using the tab parameter in the affected endpoint until the issue is resolved.