CVE-2026-6702

Name of the Vulnerable Software and Affected Versions Publish 2 Ping.fm plugin for WordPress versions prior to 1.2

Description Cross-Site Request Forgery occurs due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This allows unauthenticated attackers to update settings and inject malicious web scripts by tricking a site administrator into clicking a forged link. Nonce validation is a security mechanism used to ensure that a request was intentionally sent by the user and not forged by a third party.

Recommendations Update the plugin to a version later than 1.1.