CVE-2026-1082

Name of the Vulnerable Software and Affected Versions TITLE ANIMATOR plugin for WordPress versions prior to 1.0

Description The software is susceptible to a Cross-Site Request Forgery issue. This is a result of a lack of nonce validation on the settings page form handler located in inc/settings-page.php. An unauthenticated attacker could potentially modify plugin settings by deceiving a site administrator into performing an action, such as clicking a malicious link.

Recommendations Update to a version of the TITLE ANIMATOR plugin that is newer than 1.0.