A vulnerability labeled as problematic has been found in jamesmuga Remove NoFollow Commenter URL Plugin up to 1.0 on WordPress. The impacted element is the function gmz_comment_settings_save of the component Setting Handler. The manipulation results in cross-site request forgery.

This vulnerability is reported as CVE-2026-9730. The attack can be launched remotely. No exploit exists.