Cross-Site Request Forgery Vulnerability in CDN Linker Lite Plugin for WordPress
CVE-2026-8941

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Cdn Linker Lite
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-8941?

The CDN Linker Lite plugin for WordPress has a vulnerability due to improper nonce validation in the ossdl_off_options() function. This flaw enables unauthenticated attackers to exploit the plugin, risking unauthorized modifications to its settings. If an administrator can be deceived into clicking a rogue link, the attackers can alter crucial settings such as the CDN URL. This makes the site susceptible to malicious actions that could affect all static asset references, leading to potential data leaks or further exploitation.

Affected Version(s)

CDN Linker lite 0 <= 1.3.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/ossdl-cdn-off-...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 19, 2026

Credit

Muhammad Afnaan

CVE-2026-8941 Data

JSON