Report
The BSK Forms Blacklist plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9. This is due to missing or incorrect nonce validation on the do_bulk_action() function. This makes it possible for unauthenticated attackers to perform SQL Injection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Score:8.2
Severity:High
Version: 3.9
There is a patch available in v4.0 and we strongly recommend you update to this version as soon as possible.
