MEDIUM
mkhfr
CVE published 2026-05-27
CVE-2026-7614
CVE-2026-7614 documents a Cross-Site Request Forgery (CSRF) vulnerability in the Old Posts Highlighter WordPress plugin affecting versions up to and including 1.0.3. The flaw stems from missing or incorrect nonce validation on the `OPH_options` function, allowing unauthenticated attackers to modify plugin configuration settings if they can induce a site administrator to perform an action such as clicking [truncated]