Cross-Site Request Forgery in Osiris Signature Banner Plugin for WordPress
CVE-2026-8905

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Osiris Signature Banner
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-8905?

The Osiris Signature Banner plugin for WordPress is susceptible to Cross-Site Request Forgery, due to improper nonce validation mechanisms. This vulnerability allows unauthorized attackers to modify settings or inject malicious scripts, provided they can deceive an administrator into performing actions such as clicking a deceptive link. All versions up to and including 0.5 are affected, making it imperative for users to ensure their installations are secured against potential exploitation.

Affected Version(s)

Osiris Signature Banner 0 <= 0.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/osiris-signatu...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
May 18, 2026

Credit

Muhammad Nur Ibnu Hubab

CVE-2026-8905 Data

JSON