cleantalk
Vulnerabilities and Security Researches

Child Height Predictor by Ostheimer, CVE-2026-6400

CVE, Research URL

CVE-2026-6400

Home page URL

Security reports for Child Height Predictor by Ostheimer

Application

Child Height Predictor by Ostheimer

Published on
May 20, 2026
Research Description
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options() function, which handles plugin settings updates. The form template does not include a wp_nonce_field() call, and the handler never calls check_admin_referer() or wp_verify_nonce(). This makes it possible for unauthenticated attackers to trick a site administrator into clicking a link or visiting a malicious page that submits a forged POST request, causing unauthorized changes to the plugin settings such as unit preferences to be persisted to the database via update_option().
Affected versions
max 1.3.
Status
vulnerable
Previous vulnerability researches
Child Height Predictor by Ostheimer (CVE-2026-6400) , May 23, 2026
New vulnerability
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2026-6072) , May 23, 2026
Amazon Scraper (CVE-2026-8419) , May 23, 2026
WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons (CVE-2026-4811) , May 23, 2026
Online Service Booking System & Reservation Plugin – WpBookingly (CVE-2026-27405) , May 23, 2026
Anomify AI – Anomaly Detection and Alerting (CVE-2026-6405) , May 23, 2026