WP Status Notifier Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WP Status Notifier plugin for WordPress, affecting all versions up to and including 1.0. The vulnerability arises from inadequate nonce validation in the settings update process, allowing unauthenticated attackers to manipulate plugin settings by tricking a site administrator into clicking a link.

Impact

Exploitation of this vulnerability allows for unauthorized changes to be made to the plugin settings, potentially leading to further security issues or misuse of the plugin's functionality.

Added: Jan 7, 2026, 4:50 PM

Updated: Jan 7, 2026, 4:50 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.0

remediation

0.0

relevance

1.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.0

remediation

0.0

relevance

1.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP Status Notifier Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating