CVE-2026-1085

Name of the Vulnerable Software and Affected Versions True Ranker versions prior to 2.2.9

Description The True Ranker plugin for WordPress is susceptible to Cross-Site Request Forgery due to the absence of nonce validation on the seolocalrank-signout action. This allows unauthenticated attackers to disconnect an administrator's True Ranker account by deceiving a site administrator into performing an action, such as clicking a malicious link.

Recommendations Update True Ranker to a version greater than 2.2.9.