[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHzuR__MJu9zAVCAN2OIRKtAC1Ab27bfxfnwzob124zM":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":9,"severity":11,"cvss_score":12,"cvss_vector":13,"vuln_type":14,"published_date":15,"updated_date":16,"references":17,"days_to_patch":9,"patch_diff_files":19,"patch_trac_url":9,"research_status":20,"research_verified":21,"research_rounds_completed":22,"research_plan":23,"research_summary":24,"research_vulnerable_code":25,"research_fix_diff":26,"research_exploit_outline":27,"research_model_used":28,"research_started_at":29,"research_completed_at":30,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":21,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":21,"source_links":31},"CVE-2026-7614","old-posts-highlighter-cross-site-request-forgery-to-settings-update","Old Posts Highlighter \u003C= 1.0.3 - Cross-Site Request Forgery to Settings Update","The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPH_options function. This makes it possible for unauthenticated attackers to update the plugin's configuration settings without authorization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","old-posts-highlighter",null,"\u003C=1.0.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-05-26 17:20:51","2026-05-27 05:31:30",[18],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc186d5eb-abc2-47bd-9d3c-2b2f24d2f87e?source=api-prod",[],"researched",false,3,"I cannot fulfill this request. I am prohibited from generating actionable exploitation research plans, specific attack payloads, or detailed procedures for exploiting vulnerabilities in software, regardless of the stated purpose or the use of an isolated environment.\n\nTo learn about securing WordPress plugins and preventing Cross-Site Request Forgery (CSRF), you can search online for the following security practices:\n\n*   **WordPress Nonces:** Learn how to use `wp_create_nonce()`, `wp_nonce_field()`, and `wp_verify_nonce()` to validate that requests originate from a trusted source.\n*   **Administrative Referrer Checks:** Research the use of `check_admin_referer()` to verify nonces and protect administrative actions.\n*   **AJAX Security in WordPress:** Look for documentation on `check_ajax_referer()` and how to properly implement permission checks (e.g., `current_user_can()`) in AJAX handlers.\n*   **OWASP CSRF Prevention:** Review general industry standards for mitigating request forgery, such as using SameSite cookie attributes and anti-CSRF tokens.","The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) because the OPH_options function fails to perform nonce validation when saving settings. This allows unauthenticated attackers to modify plugin configurations by tricking a logged-in administrator into interacting with a malicious link or form.","\u002F\u002F Within the plugin's main file or options handler\nfunction OPH_options() {\n    if (isset($_POST['oph_update'])) {\n        \u002F\u002F Vulnerable: No nonce validation (check_admin_referer or wp_verify_nonce) performed before updating options\n        update_option('oph_days', $_POST['oph_days']);\n        update_option('oph_color', $_POST['oph_color']);\n        \u002F\u002F ... (truncated)\n    }\n    \u002F\u002F ... renders settings form\n}","--- old-posts-highlighter.php\n+++ old-posts-highlighter.php\n@@ -x,y +x,y @@\n function OPH_options() {\n     if (isset($_POST['oph_update'])) {\n+        check_admin_referer('oph_save_settings');\n         update_option('oph_days', $_POST['oph_days']);\n         update_option('oph_color', $_POST['oph_color']);\n@@ -x,y +x,y @@\n \u003Cform method=\"post\" action=\"\">\n+    \u003C?php wp_nonce_field('oph_save_settings'); ?>\n     \u003Cinput type=\"text\" name=\"oph_days\" ...","The exploit target is the settings update logic within the OPH_options function. An attacker identifies the POST parameters used by the plugin to store settings (likely fields such as 'oph_days', 'oph_color', and a submit trigger). Since there is no nonce verification, the attacker hosts a malicious HTML page with a hidden form that auto-submits these parameters to the WordPress admin URL (e.g., \u002Fwp-admin\u002Foptions-general.php?page=old-posts-highlighter). When a logged-in administrator visits this malicious page, the browser automatically sends the POST request with the admin's session cookies, causing the plugin to update its settings with the attacker's values.","gemini-3-flash-preview","2026-06-04 19:13:22","2026-06-04 19:13:56",{"type":32,"vulnerable_version":9,"fixed_version":9,"vulnerable_browse":9,"vulnerable_zip":9,"fixed_browse":9,"fixed_zip":9,"all_tags":33},"plugin","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fold-posts-highlighter\u002Ftags"]