• I have deactivated your plugin until these issues are fixed. I have received the below information from WP Engine:

    Security risk: csrf. This vulnerability allows an attacker to target privileged authenticated users with malicious links that make authenticated requests to WordPress on behalf of the user. An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators.

    Severity: medium

    Fixed in: no fix yet

    Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Severity: medium

    Fixed in: no fix yet

    The page I need help with: [log in to see the link]

  • The topic ‘Security Risk’ is closed to new replies.