MEDIUM
adamsilverstein
CVE published 2026-06-19
CVE-2026-11775
The User Admin Simplifier plugin for WordPress has a Cross-Site Request Forgery vulnerability in all versions up to, and including, 3.0.0. This vulnerability, with a CVSS score of 4.3, allows unauthenticated attackers to reset and permanently delete any user's stored menu and admin-bar configuration via a forged request. The vulnerability exists due to missing or incorrect nonce validation on the useradmi [truncated]