MEDIUM
wmark
CVE published 2026-05-27
CVE-2026-8941
Cross-Site Request Forgery (CSRF) vulnerability in CDN Linker lite WordPress plugin versions up to and including 1.3.1. The ossdl_off_options() function lacks proper nonce validation, allowing unauthenticated attackers to modify plugin settings—including the CDN URL used for static asset rewriting—if they can trick an administrator into clicking a malicious link.