MEDIUM
nakamura1458
CVE published 2026-05-27
CVE-2026-8938
A Cross-Site Request Forgery (CSRF) vulnerability in the Auto Making JSON-LD WordPress plugin allows unauthenticated attackers to manipulate license settings and trigger unauthorized pro feature installation. The flaw exists in the `amJL_certification` function due to missing or incorrect nonce validation, affecting all versions up to and including 4.5.3. Successful exploitation requires social engineerin [truncated]