CVE-2026-9730 | jamesmuga Remove NoFollow Commenter URL Plugin up to 1.0 on WordPress Setting gmz_comment_settings_save cross-site request forgery

Inserito da Angelo Barbosa | Giu 2, 2026 | CVE

A vulnerability labeled as problematic has been found in jamesmuga Remove NoFollow Commenter URL Plugin up to 1.0 on WordPress. The impacted element is the function gmz_comment_settings_save of the component Setting Handler. The manipulation results in cross-site request forgery.

This vulnerability is reported as CVE-2026-9730. The attack can be launched remotely. No exploit exists.

CVE-2026-9730 | jamesmuga Remove NoFollow Commenter URL Plugin up to 1.0 on WordPress Setting gmz_comment_settings_save cross-site request forgery

Post correlati

CVE-2024-36076 | Syslifters SysReptor prior 2024.40 Websocket Connection cross-site request forgery

CVE-2024-4611 | AppPresser Plugin up to 4.3.2 on WordPress improper authentication

CVE-2024-48415 | itsourcecode Loan Management System 1.0 Borrowers Page cross site scripting

CVE-2025-13033 | nodemailer Email Parsing Library interpretation conflict (GHSA-mm7p-fcc7-pg87)