Google Plus One Bottom WordPress Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Google Plus One Bottom plugin for WordPress, affecting all versions through 0.0.2. The issue arises from inadequate nonce validation in the googlePlusOneAdmin function, allowing unauthenticated attackers to alter the plugin's settings. This includes options such as plusone-lang, plusone-callback, and plusone-url, which are stored in the database. The vulnerability can be exploited by tricking a site administrator into clicking a link that sends a forged request to modify these settings.

Impact

Exploitation of this vulnerability allows for unauthorized changes to the plugin's settings, potentially leading to further security issues or misuse of the plugin's functionality.

Remediation

There is no known patch available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.