MEDIUM
helpstring
CVE published 2026-05-20
CVE-2026-6400
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Child Height Predictor by Ostheimer WordPress plugin, affecting all versions up to and including 1.3. The plugin's settings update handler lacks nonce verification, allowing unauthenticated attackers to forge administrative requests that modify plugin configuration options such as unit preferences. This vulnerability requires social engineeri [truncated]