PT-2026-53220 · Undefined · Undefined

Mustafa Ahmed

Published

2026-06-29

Updated

2026-06-29

CVE-2026-9676

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-9676

Affected Products

Undefined

PT-2026-53220 · Undefined · Undefined

CVE-2026-9676

Related Identifiers

Affected Products

References · 2