Facebook for WooCommerce and Messenger Customer Chat have been found to be vulnerable to cross-site request forgery attacks. Facebook confirmed that a fix for the bugs has been issued in an email with Threatpost. A researcher published the bugs on the plugin vulnerability website, disclosing the flaws ahead of notifying the vendor. The researcher did not disclose the bugs responsibly and allow a patch to be made available to effected websites ahead of disclosure, Threatpost will limit information and links associated with the researcher s report. It is not the first time the researcher has reported flaws in WordPress.
Source: https://threatpost.com/irked-researcher-discloses-facebook-wordpress-plugin-flaws/145771/