MEDIUM
manuelpadillac
CVE published 2026-06-24
CVE-2026-6292
The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This vulnerability is due to a completely broken nonce validation in the enter_mpclp_login_options() function. The function contains an inverted check (if wp_verify_nonce(...) { return false; }) and is missing the required action parameter for wp_verify_nonce(). As a [truncated]