Name of the Vulnerable Software and Affected Versions:

WordPress Automatic Plugin versions prior to 3.118.0

Description:

The WordPress Automatic Plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in one of its functions. This allows unauthenticated attackers to update campaigns and inject malicious web scripts via a forged request by tricking a site administrator into performing an action, such as clicking a link.

Recommendations:

Update the WordPress Automatic Plugin to version 3.118.0 or later.