PT-2026-42067 · WordPress · Bigfishgames Syndicate

Ibnu

+1

·

Published

2026-05-20

·

Updated

2026-05-28

·

CVE-2026-6452

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Bigfishgames Syndicate versions prior to 1.3
Description The Bigfishgames Syndicate plugin for WordPress contains a Cross-Site Request Forgery (CSRF) flaw. This occurs because the bigfishgames syndicate submenu() function lacks proper nonce validation. A nonce is a unique token used to verify that a request was intentionally sent by the user. This allows unauthenticated attackers to reset and update plugin settings by tricking a site administrator into clicking a malicious link.
Recommendations Update the plugin to a version later than 1.2. As a temporary workaround, restrict access to the bigfishgames syndicate submenu() function to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-6452

Affected Products

Bigfishgames Syndicate