cleantalk
Vulnerabilities and Security Researches

Publish 2 Ping.fm, CVE-2026-6702

CVE, Research URL

CVE-2026-6702

Home page URL

Security reports for Publish 2 Ping.fm

Application

Publish 2 Ping.fm

Published on
May 05, 2026
Research Description
The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.1.
Status
vulnerable
Previous vulnerability researches
Publish 2 Ping.fm (CVE-2026-6702) , May 07, 2026
New vulnerability
Ditty – Responsive News Tickers, Sliders, and Lists (CVE-2026-9011) , May 24, 2026
GSheet For Woo Importer (CVE-2026-4843) , May 24, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-27349) , May 24, 2026
Location Weather – Best Weather Forecast Widget Plugin for WordPress (CVE-2026-7249) , May 24, 2026
Hotel Booking Lite (CVE-2026-8684) , May 24, 2026