MEDIUM
eazyserver
CVE published 2026-05-20
CVE-2026-6391
The Sentence To SEO WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. The vulnerability exists in the create_admin_page() function due to missing or incorrect nonce validation. An unauthenticated attacker can exploit this by tricking a site administrator into clicking a malicious link, allowing the attacker to inject malicious web scripts and upda [truncated]