Cross-Site Request Forgery Vulnerability in Old Posts Highlighter Plugin for WordPress
CVE-2026-7614

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Old Posts Highlighter
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-7614?

The Old Posts Highlighter plugin for WordPress has a vulnerability allowing Cross-Site Request Forgery (CSRF) attacks. This flaw occurs in all versions up to and including 1.0.3. The OPH_options function is susceptible due to improper nonce validation, enabling unauthenticated attackers to change the plugin's settings through forged requests. By deceiving an administrator into taking actions, an attacker could exploit this vulnerability, leading to unauthorized alterations to the plugin's configuration.

Affected Version(s)

Old Posts Highlighter 0 <= 1.0.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/old-posts-high...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 1, 2026

Credit

Muhammad Afnaan

CVE-2026-7614 Data

JSON