Moderate Selected Posts WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Moderate Selected Posts WordPress plugin, affecting all versions through 1.4. The issue arises from a lack of nonce verification in the msp_admin_page() function, allowing unauthenticated attackers to alter plugin settings. Exploitation requires tricking a site administrator into clicking a link that initiates the forged request.

Impact

Successful exploitation lets an attacker make unauthorized changes to plugin settings through a forged request.

Reproduction

Reproducing this vulnerability requires a forged request that relies on the missing nonce verification in the msp_admin_page() function. The attacker must trick a site administrator into clicking a link that triggers the forged request; because the function performs no nonce check, the request is accepted.

Remediation

No known patch is available for this vulnerability. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
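
For reference when reviewing the plugin or a fork of it, the standard WordPress pattern for the check the advisory says is missing is shown below, next to the unsafe shape. This is an added example, not the plugin's code: the function names, the nonce action and field names, and the option name example_setting are all hypothetical.

```php
<?php
// Added illustration; NOT the Moderate Selected Posts plugin's code.
// example_admin_page*, example_save_settings, example_nonce and
// example_setting are hypothetical names.

// Unsafe shape: a settings write with no nonce verification.
function example_admin_page_unsafe() {
    if ( isset( $_POST['example_setting'] ) ) {
        // Any request that arrives with the administrator's cookies reaches this line.
        update_option( 'example_setting', sanitize_text_field( wp_unslash( $_POST['example_setting'] ) ) );
    }
}

// Hardened shape: capability check, then nonce verification, then the write.
function example_admin_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to manage these settings.' ) );
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_POST['example_setting'] ) ) {
        // Stops the request unless it carries a valid nonce for this action.
        check_admin_referer( 'example_save_settings', 'example_nonce' );
        update_option( 'example_setting', sanitize_text_field( wp_unslash( $_POST['example_setting'] ) ) );
    }

    $value = get_option( 'example_setting', '' );
    ?>
    <form method="post">
        <?php
        // Emits the hidden nonce field that check_admin_referer() validates above.
        wp_nonce_field( 'example_save_settings', 'example_nonce' );
        ?>
        <input type="text" name="example_setting" value="<?php echo esc_attr( $value ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce is bound to the logged-in user and the named action, so a request built on another site cannot supply a valid value.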

Added: Jan 24, 2026, 9:32 AM
Updated: Jan 24, 2026, 9:32 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.2
remediation: 0.0
relevance: 2.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.