MEDIUM
pftool
CVE published 2026-05-22
CVE-2026-4070
CVE-2026-4070 is a cross-site request forgery issue in the Alfie – Feed Plugin for WordPress affecting all versions up to and including 1.2.1. The vulnerable path is the alfie_manage() function, which handles feed deletion through the delete GET parameter without nonce validation. An attacker who can trick a site administrator into following a crafted request may be able to delete plugin feed data.