PT-2026-42067 · WordPress · Bigfishgames Syndicate
Ibnu
+1
·
Published
2026-05-20
·
Updated
2026-05-28
·
CVE-2026-6452
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Bigfishgames Syndicate versions prior to 1.3
Description
The Bigfishgames Syndicate plugin for WordPress contains a Cross-Site Request Forgery (CSRF) flaw. This occurs because the
bigfishgames syndicate submenu() function lacks proper nonce validation. A nonce is a unique token used to verify that a request was intentionally sent by the user. This allows unauthenticated attackers to reset and update plugin settings by tricking a site administrator into clicking a malicious link.Recommendations
Update the plugin to a version later than 1.2.
As a temporary workaround, restrict access to the
bigfishgames syndicate submenu() function to minimize the risk of exploitation.Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bigfishgames Syndicate