MEDIUM
ktulhu
CVE published 2026-05-20
CVE-2026-6452
The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.2. The vulnerability stems from missing or incorrect nonce validation on the `bigfishgames_syndicate_submenu()` function, allowing unauthenticated attackers to reset and update plugin settings via forged requests if they can trick a site administrator into clicking a mal [truncated]