MEDIUM
yuluma
CVE published 2026-06-09
CVE-2026-8904
The FastPicker plugin for WordPress, an order picker and order management system (OMS) for WooCommerce, is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0.2. This vulnerability is due to missing or incorrect nonce validation on the settingsPage function. An unauthenticated attacker can exploit this vulnerability by tricking a site administrator into performing an ac [truncated]