cleantalk
Vulnerabilities and Security Researches

WP Meta Sort Posts, CVE-2026-8940

CVE, Research URL

CVE-2026-8940

Home page URL

Security reports for WP Meta Sort Posts

Application

WP Meta Sort Posts

Published on
Jun 09, 2026
Research Description
The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to change the plugin's msp_loop_file and msp_nav_location settings via a forged request via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 0.9.
Status
vulnerable
Previous vulnerability researches
Accordion Slider Lite (CVE-2024-11892) , Jan 12, 2025
New vulnerability
WP Emoticon Rating (CVE-2026-8910) , Jun 10, 2026
WP GDPR Cookie Consent (CVE-2026-8977) , Jun 10, 2026
TinyMCE shortcode Addon (CVE-2026-10024) , Jun 10, 2026
kk blog card (CVE-2026-8895) , Jun 10, 2026
WpMobi (CVE-2026-8909) , Jun 10, 2026