PT-2026-42079 · WordPress · Javibola Custom Theme Test

Ibnu +1 · Published 2026-05-20 · Updated 2026-05-28 · CVE-2026-8423

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

JaviBola Custom Theme Test versions prior to 2.0.6

Description

The JaviBola Custom Theme Test plugin for WordPress contains a Cross-Site Request Forgery (CSRF) flaw, which occurs when a web application allows an attacker to induce a user to perform actions they did not intend to. This issue is caused by missing or incorrect nonce validation on the options page. Unauthenticated attackers can change the active theme of a site by modifying the jbct theme option through a forged request, provided they can trick a site administrator into clicking a link.

Recommendations

Update to a version newer than 2.0.5.
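
For plugin authors reviewing similar options pages, the following added example (not the plugin's own code and not taken from the advisory) contrasts an options handler that lacks nonce validation with one that checks capability and nonce before saving. The option key `jbct_theme`, the nonce action and field names, the `admin_init` hook and all function names are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's source. The option key 'jbct_theme',
// the nonce action/field names and all function names are assumptions.

// Unprotected pattern: any POST carried by an administrator's session is saved.
function jbct_example_save_unprotected() {
    if ( isset( $_POST['jbct_theme'] ) ) {
        update_option( 'jbct_theme', sanitize_text_field( wp_unslash( $_POST['jbct_theme'] ) ) );
    }
}

// Hardened pattern, part 1: the options form embeds a per-user, per-action nonce.
function jbct_example_render_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'jbct_example_save', 'jbct_example_nonce' ); ?>
        <input type="text" name="jbct_theme"
               value="<?php echo esc_attr( get_option( 'jbct_theme', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Hardened pattern, part 2: verify capability and nonce before changing state.
function jbct_example_save_protected() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['jbct_theme'] ) ) {
        return; // Not a save request for this page.
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Terminates the request if the nonce field is missing, expired or
    // was issued for a different user or action.
    check_admin_referer( 'jbct_example_save', 'jbct_example_nonce' );

    $theme = sanitize_text_field( wp_unslash( $_POST['jbct_theme'] ) );
    // Only store a value that names an installed theme.
    if ( ! wp_get_theme( $theme )->exists() ) {
        return;
    }
    update_option( 'jbct_theme', $theme );
}
// Assumed hook: process the save early in admin requests.
add_action( 'admin_init', 'jbct_example_save_protected' );
```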

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2026-8423

Affected Products: Javibola Custom Theme Test