Cross-Site Request Forgery Vulnerability in Skysa Text Ticker App for WordPress
CVE-2026-6710

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Skysa Text Ticker App
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-6710?

The Skysa Text Ticker App plugin for WordPress suffers from a vulnerability that allows unauthorized actors to exploit missing nonce validation. Unauthenticated attackers can deceive site administrators into executing unauthorized requests, potentially altering sensitive settings of the app, such as text and URLs displayed. This occurs when attackers manage to trick the admin into performing actions through manipulated links, posing significant risks to the integrity and functionality of WordPress sites utilizing this plugin.

Affected Version(s)

Skysa Text Ticker App 0 <= 1.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/skysa-text-tic...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 20, 2026

Credit

Muhammad Nur Ibnu Hubab

CVE-2026-6710 Data

JSON