MEDIUM
jasonpitts
CVE published 2026-06-09
CVE-2026-8940
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WP Meta Sort Posts plugin for WordPress, affecting all versions up to and including 0.9. This vulnerability is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. An unauthenticated attacker can exploit this by tricking a site administrator into performing an action such as clicking on a link, all [truncated]