Description
WordPress Plugin Add From Server is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Add From Server version 3.3.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.3.2 or latest
References
Related Vulnerabilities
WordPress Plugin Activity Log Information Disclosure (2.2.12)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23)
WordPress Plugin Contact Form Email Multiple Vulnerabilities (1.2.65)
WordPress Plugin Email Before Download SQL Injection (3.4)
WordPress Plugin Image Source Control Security Bypass (2.3.0)