MEDIUM
askywhale
CVE published 2026-05-20
CVE-2026-8418
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Games Catalog WordPress plugin (versions ≤1.2.0). The gc_crud() function fails to validate nonces when processing delete actions via GET requests, allowing unauthenticated attackers to forge requests that delete arbitrary game catalog entries and their associated WordPress posts if an administrator clicks a malicious link. The vulnerability w [truncated]