Description
WordPress Plugin WP RSS Multi Importer is prone to multiple cross-site request forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WP RSS Multi Importer version 3.11 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that CSRF protection is implemented with Nonce-like mechanism
References
Related Vulnerabilities
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5876)
WordPress Plugin Simple Download Monitor Cross-Site Scripting (3.9.10)
MySQL CVE-2013-1552 Vulnerability (CVE-2013-1552)
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2017-2670)
WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.1.5)