Sync Feedly WordPress Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Sync Feedly plugin for WordPress, affecting all versions through 1.0.1. The issue arises from inadequate nonce validation in the 'crsf_cron_job_func' function, allowing unauthenticated attackers to initiate content synchronization from Feedly. This could result in the creation of multiple posts through a forged request, provided the attacker can persuade a site administrator to click a link or perform a similar action.

Impact

Exploitation of this vulnerability could lead to unauthorized content synchronization from Feedly, allowing for the creation of multiple posts on the WordPress site without the administrator's consent.

Reproduction

To reproduce this vulnerability, an attacker must exploit the missing nonce validation by sending a forged request to the 'crsf_cron_job_func' function. This can be done by tricking a site administrator into clicking a link that activates the synchronization process with Feedly, potentially resulting in the creation of several posts.

Remediation

No known patch is available for this vulnerability. It is recommended to uninstall the affected plugin and consider a replacement.