MEDIUM
umarbajwa
CVE published 2026-07-16
CVE-2026-12409
The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the ulpb_admin_ajax function. The vulnerability allows unauthenticated attackers to create, update, retitle, or change the post status, slug, and type of arbitrary posts and write ULPB_DAT [truncated]