๐Ÿ” CVE Alert

CVE-2026-6294

MEDIUM 4.3

Google PageRank Display <= 1.4 - Cross-Site Request Forgery to Settings Update via Settings Page

CVSS Score: 4.3
EPSS Score: 0.0%
EPSS Percentile: 0th

The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplay_option() function, which handles the plugin settings page. The settings form does not include a wp_nonce_field(), and the form handler does not call check_admin_referer() or wp_verify_nonce() before processing the POST request. This makes it possible for unauthenticated attackers to trick a logged-in administrator into submitting a crafted request that changes the plugin's settings (stored via update_option()), such as the display style used to render the PageRank badge.

CWE: CWE-352
Vendor: byybora
Product: google pagerank display
Published: Apr 22, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Affected Versions

byybora / Google PageRank Display
0 ≤ 1.4

References

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/e39ebe27-7780-48b6-8dca-7da7a78fce69?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/google-pagerank-display/trunk/gpdisplay.php#L32
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/google-pagerank-display/tags/1.4/gpdisplay.php#L32
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/google-pagerank-display/trunk/gpdisplay.php#L56
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/google-pagerank-display/tags/1.4/gpdisplay.php#L56

Credits

Muhammad Nur Ibnu Hubab