MEDIUM
simonailie
CVE published 2026-05-27
CVE-2026-8939
A Cross-Site Request Forgery (CSRF) vulnerability in the Search Simple Fields WordPress plugin allows unauthenticated attackers to modify plugin settings if they can trick an administrator into clicking a malicious link. The flaw exists in the `search_simple_fields_options()` function in `functions_admin.php` due to missing or incorrect nonce validation. Affected versions are up to and including 0.2. The [truncated]