I have several WP sites running the Patreon plugin, and in the last couple of days all have warned me about a vulnerability to Cross Site Request Forgery in the latest version (1.8.6). When will this issue be fixed?
Can you DM me the exact warning?
Wordfence just flagged this plugin for this vulnerability, too.
It looks like this listing was because some actions are lacking nonces. Potentially someone can socially engineer someone who is an admin to submit a form etc. Will be fixed in the next few days.
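Added example, not from the thread or from the Patreon plugin's code: what "actions lacking nonces" looks like in a WordPress admin handler, with the unprotected handler beside the nonce-checked one. All hook, option and field names (`example_save`, `example_setting`, `example_nonce`) are hypothetical.

```php
<?php
// Illustration only: names below are hypothetical, not the plugin's own.

// BEFORE: a state-changing admin action with a capability check but no nonce.
// The admin's browser attaches the session cookie to any request, so a form
// hosted elsewhere that posts to admin-post.php passes this check.
add_action( 'admin_post_example_save_unprotected', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['example_setting'] ?? '' ) );
    update_option( 'example_setting', $value );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
} );

// AFTER, part 1: the settings form embeds a nonce bound to this action
// and to the logged-in user's session.
function example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save">
        <?php wp_nonce_field( 'example_save', 'example_nonce' ); ?>
        <input type="text" name="example_setting">
        <?php submit_button(); ?>
    </form>
    <?php
}

// AFTER, part 2: the handler checks capability AND nonce before changing state.
add_action( 'admin_post_example_save', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Stops the request with a 403 page if the nonce is missing, expired,
    // or was issued for a different action or user.
    check_admin_referer( 'example_save', 'example_nonce' );

    $value = sanitize_text_field( wp_unslash( $_POST['example_setting'] ?? '' ) );
    update_option( 'example_setting', $value );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
} );
```

The capability check answers "is this user allowed to do this", while the nonce answers "did this request come from a form we rendered for this user"; a handler needs both.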
Wordfence is flagging even the updated version as being subject to this forgery, and was updated today to reflect this vulnerability:
Thanks for reporting. Will check it out.
Same here. New warning on my sites. Hope you can fix this.