CVE-2026-24384

Name of the Vulnerable Software and Affected Versions Merge + Minify + Refresh versions through 2.14

Description A Cross-Site Request Forgery (CSRF) issue exists in launchinteractive Merge + Minify + Refresh. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge. CSRF occurs when a malicious website, email, or other communication form induces a user's browser to send an unwanted request to a web application that the user is currently authenticated to.

Recommendations Update Merge + Minify + Refresh to a version later than 2.14.