MEDIUM
jay_patel
CVE published 2026-05-20
CVE-2026-8424
CVE-2026-8424 documents a Cross-Site Request Forgery (CSRF) vulnerability in the Remove Yellow BGBOX WordPress plugin affecting all versions up to and including 1.0. The flaw stems from missing or incorrect nonce validation on the 'rybb_api_settings' administrative page. An unauthenticated attacker can exploit this by inducing a site administrator to perform an action (such as clicking a malicious link), [truncated]