MEDIUM
simonholliday
CVE published 2026-05-20
CVE-2026-6405
The Anomify AI – Anomaly Detection and Alerting plugin for WordPress, versions up to and including 0.3.6, contains a Cross-Site Request Forgery (CSRF) vulnerability that enables Stored Cross-Site Scripting (XSS). The plugin's settings page handler lacks nonce verification (no wp_nonce_field() in the form and no check_admin_referer() in the handler), allowing unauthenticated attackers to forge cross-origin [truncated]
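The two checks the description names as missing, placed in a minimal settings page that also sanitizes on save and escapes on output so a stored value cannot become script. This is an added example, not the plugin's own code; the option name `example_api_key`, the nonce action string and the function names are hypothetical.

```php
<?php
// Hypothetical settings page; all names are illustrative, not taken from the Anomify plugin.
const EXAMPLE_NONCE_ACTION = 'example_save_settings';

add_action( 'admin_menu', function () {
    add_options_page( 'Example', 'Example', 'manage_options',
        'example-settings', 'example_render_settings' );
} );

function example_render_settings() {
    // Capability check: a nonce proves intent, not authorization.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }
    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        example_save_settings();
    }
    $value = get_option( 'example_api_key', '' );
    ?>
    <form method="post">
        <?php wp_nonce_field( EXAMPLE_NONCE_ACTION ); // emits hidden _wpnonce and referer fields ?>
        <input type="text" name="example_api_key"
               value="<?php echo esc_attr( $value ); // escape on output ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

function example_save_settings() {
    // Aborts the request unless _wpnonce is valid for this user and this action,
    // so a form posted from another origin is rejected before anything is stored.
    check_admin_referer( EXAMPLE_NONCE_ACTION );

    $raw = isset( $_POST['example_api_key'] )
        ? wp_unslash( $_POST['example_api_key'] )
        : '';
    // Sanitize on input: strips tags and control characters before storage.
    update_option( 'example_api_key', sanitize_text_field( $raw ) );
}
```

The same action string must be passed to both `wp_nonce_field()` and `check_admin_referer()`; a mismatch fails closed.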