Description
WordPress Plugin Product Catalog X is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Product Catalog X version 1.5.12 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.5.13 or latest
References
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
https://plugins.svn.wordpress.org/post-type-x/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin UK Cookie Cross-Site Request Forgery (1.1)
WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (6.0)
WordPress Plugin WebEngage Feedback, Survey and Notification Cross-Site Scripting (2.0.0)
WordPress Plugin Map Block for Google Maps Unspecified Vulnerability (1.31)
WordPress Plugin DukaPress TimThumb Arbitrary File Upload (2.3.2)