VYPR
Unrated severity · NVD Advisory · Published Sep 12, 2024 · Updated Sep 12, 2024

Blog Introduction <= 0.3.0 - Settings Update via CSRF

CVE-2024-7862

Description

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products: 1

Patches: none listed

Vulnerability mechanics

Root cause

"Missing CSRF nonce check on the plugin's settings-update endpoint allows cross-site request forgery."

Attack vector

An attacker crafts a malicious web page (typically reached through a link in an email or message) that, when visited by a logged-in administrator, silently submits a forged request to the plugin's settings-update endpoint. Because the endpoint has no CSRF check [CWE-352], the administrator's browser attaches the WordPress authentication cookies to the cross-site request and the plugin processes it as if the admin had submitted the settings form. This lets the attacker alter the plugin's configuration without the admin's knowledge [ref_id=1]. One practical caveat: WordPress does not set a SameSite attribute on its auth cookies, and Chromium-based browsers treat such cookies as Lax by default, so a cross-site top-level POST only carries them within Chromium's short "Lax+POST" grace window after login; Firefox and Safari do not apply that default, so the forged request works there as described.

Affected code

The advisory does not specify the exact file or function within the blogintroduction-wordpress-plugin that handles settings updates. The plugin's settings-update endpoint lacks a CSRF nonce check [ref_id=1].

What the fix does

No patch has been published for this vulnerability [ref_id=1]. The advisory states there is "No known fix" as of the last update. To remediate, the plugin should add a CSRF nonce check (e.g., emitting the token with WordPress's `wp_nonce_field()` and verifying it with `check_admin_referer()`) to the settings-update handler so that only requests originating from the plugin's own form are accepted [ref_id=1]. The nonce check should sit alongside, not replace, a capability check such as `current_user_can( 'manage_options' )`: the nonce proves the request came from the site's own page, the capability check proves the user is allowed to change settings. Plugins that use the Settings API (`register_setting()` plus `settings_fields()` in the form) get the nonce check from `options.php` automatically.
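The following is an added example written for this page, not code from the blogintroduction-wordpress-plugin itself (the advisory does not show its source). It contrasts the unprotected pattern described above with a hardened handler using `wp_nonce_field()`, `check_admin_referer()` and a capability check. The option name, menu slug, nonce action and field names are assumptions made for illustration.

```php
<?php
/*
 * Added example, not the plugin's code. Names here are hypothetical:
 * option 'blogintro_text', nonce action 'blogintro_save_settings',
 * nonce field '_blogintro_nonce', admin-post action 'blogintro_save_settings'.
 */

/* --- Vulnerable pattern (CWE-352): no nonce, no capability check --- */
function blogintro_vuln_save_settings() {
    if ( isset( $_POST['blogintro_text'] ) ) {
        // Any POST that the admin's browser sends with its cookies is accepted,
        // including one auto-submitted by a page on another origin.
        update_option( 'blogintro_text', wp_unslash( $_POST['blogintro_text'] ) );
    }
}

/* --- Hardened pattern --- */
define( 'BLOGINTRO_NONCE_ACTION', 'blogintro_save_settings' );
define( 'BLOGINTRO_NONCE_FIELD', '_blogintro_nonce' );

// Renders the settings form. wp_nonce_field() adds a hidden input whose value is
// tied to the logged-in user and the action, and which expires (two 12h ticks).
function blogintro_render_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    $current = get_option( 'blogintro_text', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="blogintro_save_settings">
        <?php wp_nonce_field( BLOGINTRO_NONCE_ACTION, BLOGINTRO_NONCE_FIELD ); ?>
        <textarea name="blogintro_text"><?php echo esc_textarea( $current ); ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handles the POST. Order: authorization, then CSRF token, then input handling.
function blogintro_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() validates the nonce (and the Referer header) and
    // calls wp_die() with a 403 on failure, so a forged cross-site POST never
    // reaches update_option(). The attacker's page cannot read the nonce value
    // out of the admin's form because of the same-origin policy.
    check_admin_referer( BLOGINTRO_NONCE_ACTION, BLOGINTRO_NONCE_FIELD );

    $text = isset( $_POST['blogintro_text'] )
        ? sanitize_textarea_field( wp_unslash( $_POST['blogintro_text'] ) )
        : '';
    update_option( 'blogintro_text', $text );

    // Redirect back to the (hypothetical) settings page after a successful save.
    wp_safe_redirect( admin_url( 'options-general.php?page=blogintroduction-settings&updated=1' ) );
    exit;
}
add_action( 'admin_post_blogintro_save_settings', 'blogintro_save_settings' );
```

With the hardened handler, a forged form that lacks a valid `_blogintro_nonce` value (or carries one minted for a different user or action) is rejected before any option is written; the nonce is the CSRF control and the capability check is the authorization control, and each covers a case the other does not.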

Preconditions

  • auth: The attacker must trick a logged-in WordPress administrator into visiting a crafted page or link.
  • config: The target site must have the blogintroduction-wordpress-plugin (version <= 0.3.0) installed and active.

Reproduction

The advisory does not provide a full reproduction script, but the proof-of-concept approach is: 1) Create an HTML page on an attacker-controlled origin containing a form whose hidden fields mirror the plugin's own settings form and whose action points at the vulnerable settings endpoint (e.g., `/wp-admin/options-general.php?page=blogintroduction-settings`; the exact path and field names are not given in the advisory and must be taken from the plugin's form), with a script that submits it on load. 2) Host the page and send the link to a logged-in admin. 3) When the admin visits the page, the browser submits the form with the admin's cookies and the settings are silently updated [ref_id=1]. A confirming check is to compare the plugin's options before and after the visit; a correctly protected handler would instead return a 403 with WordPress's "link has expired" nonce-failure page.

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1
