WordPress Baidu Share Button Plugin Cross-Site Request Forgery Vulnerability Allowing Stored Cross-Site Scripting

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Baidu Share Button plugin, specifically in versions through 1.0.6. This vulnerability allows for Stored Cross-Site Scripting (XSS) attacks, where malicious scripts can be injected and executed.

Impact

Exploitation of this vulnerability could enable attackers to perform unauthorized actions on behalf of users with higher privileges, potentially leading to the injection of malicious scripts that are stored and executed later.

Remediation

No official fix is available for this vulnerability. Users are advised to remove and replace the plugin, as it is likely abandoned and will not receive further updates.