Search Simple Fields
- <= 0.2
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Search Simple Fields plugin for WordPress, affecting versions through 0.2. The issue arises from inadequate nonce validation in the search_simple_fields_options() function within functions_admin.php. This vulnerability allows unauthenticated attackers to alter the plugin's settings—such as the post types to search, custom fields, media fields, and the custom media function name—by sending a forged request, provided they can persuade a site administrator to click a link or perform a similar action.
Exploitation of this vulnerability could lead to unauthorized changes in the plugin's settings, potentially allowing attackers to manipulate how the plugin interacts with posts and media.
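The usual fix for this class of bug is to gate the settings handler on both a capability check and a nonce tied to the form, as in the added example below, which is not the plugin's own code. The function name `ssf_options_page_hardened`, the nonce action, the form field names and the option keys are hypothetical, since the plugin's source is not shown on this page.

```php
<?php
// Added example, not the plugin's code. Nonce action, field names and option
// keys are hypothetical; only the handler's role comes from the advisory.
const SSF_NONCE_ACTION = 'ssf_save_options';  // hypothetical
const SSF_NONCE_FIELD  = 'ssf_options_nonce'; // hypothetical

function ssf_options_page_hardened() {
    // Only administrators may view or change the settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'ssf' ), '', array( 'response' => 403 ) );
    }

    if ( isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // CSRF check: halts the request unless it carries a nonce minted for
        // this action and the current user's session. A forged cross-site
        // request cannot supply one.
        check_admin_referer( SSF_NONCE_ACTION, SSF_NONCE_FIELD );

        // Post types to search: keep only names WordPress has registered.
        $posted = isset( $_POST['ssf_post_types'] ) ? (array) wp_unslash( $_POST['ssf_post_types'] ) : array();
        $types  = array_intersect( array_map( 'sanitize_key', $posted ), get_post_types() );
        update_option( 'ssf_post_types', array_values( $types ) );

        // Custom media function name: store it only if it is a plain PHP identifier.
        $fn = isset( $_POST['ssf_media_function'] ) ? sanitize_text_field( wp_unslash( $_POST['ssf_media_function'] ) ) : '';
        if ( ! preg_match( '/^[A-Za-z_][A-Za-z0-9_]*$/', $fn ) ) {
            $fn = '';
        }
        update_option( 'ssf_media_function', $fn );
    }

    $saved_types = (array) get_option( 'ssf_post_types', array() );
    ?>
    <form method="post">
        <?php wp_nonce_field( SSF_NONCE_ACTION, SSF_NONCE_FIELD ); // hidden nonce + referer fields ?>
        <?php foreach ( get_post_types( array( 'public' => true ) ) as $type ) : ?>
            <label><input type="checkbox" name="ssf_post_types[]" value="<?php echo esc_attr( $type ); ?>"
                <?php checked( in_array( $type, $saved_types, true ) ); ?>> <?php echo esc_html( $type ); ?></label>
        <?php endforeach; ?>
        <input type="text" name="ssf_media_function" value="<?php echo esc_attr( get_option( 'ssf_media_function', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce check runs before any `update_option()` call, so a request that fails it changes nothing.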