Wordpress apps: authLdap plugin Cross-Site Request Forgery
There is a new version with one of two issues patched
And I note that the other issue "only impacts multi-site installations and installations where unfiltered_html has been disabled."
Also from that page, it sounds like it is only people who are already logged in Admins and above could take advantage of it:
makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
So if you trust your Admins it doesn't really seem to be an issue (in my case this is normally only me and I both trust myself and don't have the tech skills to take advantage of this potential exploit), hence why the author of the authLDAP plugin doesn't seem to bothered by it.