CVE-2026-1032

Name of the Vulnerable Software and Affected Versions Conditional Menus for WordPress versions prior to 1.2.7

Description The Conditional Menus plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.2.6. The issue stems from the absence of nonce validation within the save options function. This allows unauthenticated attackers to potentially modify conditional menu assignments through a forged request, provided they can trick a site administrator into performing an action, such as clicking a malicious link.

Recommendations Update the Conditional Menus plugin to version 1.2.7 or later.