CVE-2026-4090

Name of the Vulnerable Software and Affected Versions Inquiry Cart plugin for WordPress versions prior to 3.4.3

Description The plugin is susceptible to Cross-Site Request Forgery due to missing nonce verification in the rd ic settings page() function during the processing of settings form submissions. A nonce is a unique token used to verify that a request was intentionally sent by the user. This flaw allows unauthenticated attackers to update plugin settings by tricking an administrator into clicking a malicious link, which can lead to the injection of scripts that execute within the admin area.

Recommendations Update the plugin to a version later than 3.4.2.