Primary

Context

Set Bulk Post Categories WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Set Bulk Post Categories plugin for WordPress, affecting all versions through 1.1. The vulnerability arises from a lack of nonce validation in the bulk category update feature, allowing unauthenticated attackers to alter post categories en masse by sending a forged request, provided they can deceive a site administrator into clicking a link.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in post categories, potentially disrupting content organization and management.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.

Added: Jan 24, 2026, 8:22 AM

Updated: Jan 24, 2026, 8:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.9

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.9

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Set Bulk Post Categories WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating