Description
WordPress Plugin WP-Backgrounds Lite is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WP-Backgrounds Lite version 2.3 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that CSRF protection is implemented with Nonce-like mechanism or disable the plugin until a fix is available
References
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
https://wordpress.org/plugins/wp-backgrounds-lite/#description
Related Vulnerabilities
WordPress Plugin WP to Twitter Authorization Bypass (2.9.3)
Drupal Core 9.0.0 Remote Code Execution (9.0.0)
WordPress Plugin Downloads Manager Arbitrary File Upload (1.0)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2015-7501)
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2022-25762)