This vulnerability is in wp-admin/post.php. It allows an attacker to hijack the authentication of administrators for requests which lock a post. And then an attacker consequently cause a denial of service via a get-post-lock action.
Update the plugin.
Type Cross Site Request Forgery (CSRF) OWASP Top 10 A8: Cross Site Request Forgery (CSRF)