PT-2026-31099 · WordPress · Quran Translations

Muhammad Afnaan · Published 2026-04-08 · Updated 2026-04-13 · CVE-2026-4141

CVSS v3.1: 4.3 (Medium), AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Quran Translations plugin for WordPress, versions up to and including 1.7

Description

The plugin is susceptible to Cross-Site Request Forgery due to the absence of nonce validation in the quran_playlist_options() function. This function handles the plugin's settings page and processes POST requests to update plugin options via update_option() without verifying the authenticity of the request. An unauthenticated attacker can modify plugin settings, such as display options for PDF, RSS, podcast, media player links, playlist title, and playlist code, by forging a request and tricking a site administrator into performing an action.

Recommendations

Update the plugin to a version newer than 1.7.
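
The check the description says is missing, as an added example (not the plugin's code or its patch): a settings-page callback that issues a nonce with the form and verifies it, together with a capability check, before any update_option() call. The function name, nonce action and field, and option names are hypothetical; the code assumes it is registered as a WordPress admin page callback.

```php
<?php
// Added example, not the plugin's code. The function name, nonce action/field
// and option names are hypothetical.
function example_playlist_options() {
    // Only users allowed to manage site options may use this page.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // Verify the nonce issued with the form below. check_admin_referer()
        // terminates the request if the nonce is missing or invalid, so a
        // forged cross-site POST never reaches update_option().
        check_admin_referer( 'example_playlist_save', 'example_playlist_nonce' );

        // Checkbox-style display options are stored as 0 or 1.
        $flags = array( 'example_show_pdf', 'example_show_rss', 'example_show_podcast' );
        foreach ( $flags as $key ) {
            update_option( $key, isset( $_POST[ $key ] ) ? 1 : 0 );
        }

        // Free-text option: unslash and sanitize before storing.
        if ( isset( $_POST['example_playlist_title'] ) ) {
            update_option(
                'example_playlist_title',
                sanitize_text_field( wp_unslash( $_POST['example_playlist_title'] ) )
            );
        }
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }
    ?>
    <form method="post">
        <?php // Emits the hidden nonce field (and referer) that the handler verifies. ?>
        <?php wp_nonce_field( 'example_playlist_save', 'example_playlist_nonce' ); ?>
        <label>
            <input type="checkbox" name="example_show_pdf" value="1"
                <?php checked( get_option( 'example_show_pdf' ), 1 ); ?>>
            Show PDF link
        </label>
        <input type="text" name="example_playlist_title"
            value="<?php echo esc_attr( get_option( 'example_playlist_title', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

When reviewing other settings handlers for the same weakness, look for update_option() calls reachable from a POST branch with no preceding check_admin_referer() or wp_verify_nonce() call.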

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-4141

Affected Products

Quran Translations