MEDIUM
svil4ok
CVE published 2026-05-20
CVE-2026-6401
Cross-Site Request Forgery (CSRF) vulnerability in the Bottom Bar WordPress plugin (versions ≤0.1.7) allows unauthenticated attackers to modify plugin settings by tricking authenticated administrators into submitting malicious requests. The vulnerability stems from missing nonce verification on three administrative settings forms.
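
The missing check described above, shown as a vulnerable handler beside a hardened one. This is an added example, not the Bottom Bar plugin's code: the option, field and action names are hypothetical, and a plugin with three settings forms needs the nonce field and the check on each of them.

```php
<?php
// Added example with hypothetical names; not taken from the Bottom Bar plugin.
defined( 'ABSPATH' ) || exit;

const EXAMPLE_NONCE_ACTION = 'example_bar_save_settings'; // assumed action name
const EXAMPLE_NONCE_FIELD  = 'example_bar_nonce';         // assumed field name

// Vulnerable pattern: any POST carrying an administrator's cookies is accepted,
// so a form on a third-party page can change the setting.
function example_bar_save_vulnerable() {
    if ( isset( $_POST['example_bar_text'] ) ) {
        $text = sanitize_text_field( wp_unslash( $_POST['example_bar_text'] ) );
        update_option( 'example_bar_text', $text );
    }
}

// Hardened pattern: capability check plus nonce verification before any write.
function example_bar_save_hardened() {
    if ( ! isset( $_POST['example_bar_text'] ) ) {
        return; // not a submission of this form
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Terminates the request with a 403 if the nonce is missing, expired,
    // or was issued for a different action or user session.
    check_admin_referer( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD );

    $text = sanitize_text_field( wp_unslash( $_POST['example_bar_text'] ) );
    update_option( 'example_bar_text', $text );
}
add_action( 'admin_init', 'example_bar_save_hardened' );

// The form must emit the nonce that the handler verifies.
function example_bar_render_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD ); ?>
        <input type="text" name="example_bar_text"
               value="<?php echo esc_attr( get_option( 'example_bar_text', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```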