CVE-2026-8910

Name of the Vulnerable Software and Affected Versions WP Emoticon Rating versions prior to 1.0.2

Description The WP Emoticon Rating plugin for WordPress is subject to Cross-Site Request Forgery (CSRF), a type of attack where an unauthorized user tricks a victim into performing actions they did not intend to do. This occurs due to missing or incorrect nonce validation—a unique token used to verify that a request was intentionally sent—on a function. Unauthenticated attackers can exploit this to update settings and inject malicious web scripts by tricking a site administrator into clicking a forged link.

Recommendations Update the plugin to a version later than 1.0.1.