The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark_rp_options_page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
GHSA-4r27-2c98-x9f5: The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version...
The ARK Related Posts plugin for WordPress version 2.19 is vulnerable to Cross-Site Request Forgery due to missing nonce validation, allowing attackers to modify plugin settings.