CVE-2026-9676

Vulnerability Description

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts.

Vulnerability Details

Published Date

June 29, 2026

Last Modified

June 29, 2026

Source

NVD

External References

https://wpscan.com/vulnerability/54627b10-115c-4434-a17b-eb680244889f/

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment