PT-2026-42080 · WordPress · Remove Yellow Bgbox

Ibnu +1 · Published 2026-05-20 · Updated 2026-05-20 · CVE-2026-8424

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Remove Yellow BGBOX versions prior to 1.1

Description

The Remove Yellow BGBOX plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF), a flaw in which an attacker tricks a victim into performing actions they did not intend. This occurs due to missing or incorrect nonce validation on the 'rybb api settings' page. Unauthenticated attackers can exploit this to reset stored settings by overwriting the plugin configuration if a site administrator is deceived into clicking a malicious link.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
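
The nonce validation that the description reports as missing or incorrect, shown as an added example in WordPress PHP. It is not the plugin's code: every `rybb_example_*` name, the `api_key` field and the `rybb_example` page slug are hypothetical.

```php
<?php
// Added illustration with hypothetical names (rybb_example_*); not the plugin's real code.

// Render the settings form. wp_nonce_field() emits a hidden token bound to
// the logged-in user, the session and the action string.
function rybb_example_render_form() {
    $settings = get_option( 'rybb_example_settings', array() );
    $api_key  = isset( $settings['api_key'] ) ? $settings['api_key'] : '';
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="rybb_example_save" />
        <?php wp_nonce_field( 'rybb_example_save', 'rybb_example_nonce' ); ?>
        <input type="text" name="api_key" value="<?php echo esc_attr( $api_key ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the submission. A handler that reaches update_option() without the
// checks below is the pattern this class of CSRF finding describes.
function rybb_example_save_settings() {
    // 1. Authorisation: only users who may manage options can change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: terminates with a 403 unless the request carries a valid nonce
    //    for this exact action, which a cross-site request cannot supply.
    check_admin_referer( 'rybb_example_save', 'rybb_example_nonce' );

    // 3. Never overwrite stored settings from a request that lacks the field;
    //    an empty or partial request must not reset the configuration.
    if ( ! isset( $_POST['api_key'] ) ) {
        wp_die( 'Missing field', '', array( 'response' => 400 ) );
    }

    $api_key = sanitize_text_field( wp_unslash( $_POST['api_key'] ) );
    update_option( 'rybb_example_settings', array( 'api_key' => $api_key ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=rybb_example&updated=1' ) );
    exit;
}
// admin_post_{action} fires only for logged-in users; no nopriv hook is registered.
add_action( 'admin_post_rybb_example_save', 'rybb_example_save_settings' );
```

When reviewing a plugin for this weakness, check every code path that writes or resets options, including handlers that run on `admin_init` or on page load, and confirm each one verifies a nonce before the write.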

CSRF

Weakness Enumeration

Related Identifiers: CVE-2026-8424

Affected Products: Remove Yellow Bgbox