Description
WordPress Plugin WP REST API (WP API) is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to serve up arbitrary Flash SWF files from the API, allowing these Flash files to bypass browser cross-origin domain policies. WordPress Plugin WP REST API (WP API) version 1.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.1 or latest
References
Related Vulnerabilities
WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.16)
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6)
phpBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-2346)
PHP Improper Input Validation Vulnerability (CVE-2010-3709)
WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.5.0)