PT-2026-43497 · WordPress · Old Posts Highlighter

Muhammad Afnaan · Published 2026-05-27 · Updated 2026-06-04 · CVE-2026-7614

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Old Posts Highlighter versions prior to 1.0.4

Description

The Old Posts Highlighter plugin for WordPress is susceptible to Cross-Site Request Forgery, a type of attack where an unauthorized user tricks a victim into performing actions they did not intend to do. This occurs due to missing or incorrect nonce validation within the OPH options() function. Consequently, unauthenticated attackers can update the plugin configuration settings without authorization by inducing a site administrator to click a malicious link.

Recommendations

Update the plugin to a version later than 1.0.3. As a temporary workaround, restrict access to the OPH options() function to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-7614

Affected Products

Old Posts Highlighter