AJAX Report Comments WordPress Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the AJAX Report Comments plugin for WordPress, affecting all versions through 2.0.4. The issue arises from inadequate nonce validation in the rc_options_page function, allowing unauthenticated attackers to manipulate various plugin settings. This includes altering link text, message templates, comment thresholds, cookie durations, and notification email details. Exploitation requires tricking a site administrator into clicking a link that initiates the forged request.

Impact

Exploitation of this vulnerability allows for unauthorized changes to plugin settings, which could disrupt site functionality or user experience.