cleantalk
Vulnerabilities and Security Researches

Sentence To SEO (keywords, description and tags), CVE-2026-6391

CVE, Research URL

CVE-2026-6391

Home page URL

Security reports for Sentence To SEO (keywords, description and tags)

Application

Sentence To SEO (keywords, description and tags)

Published on
May 20, 2026
Research Description
The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create_admin_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.0.
Status
vulnerable
Previous vulnerability researches
Sell Digital Downloads (CVE-2025-22826) , Jan 11, 2025
New vulnerability
WP Directory Kit (CVE-2026-42672) , May 23, 2026
診断ジェネレータ作成プラグイン (CVE-2026-5293) , May 23, 2026
MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce (CVE-2026-45209) , May 23, 2026
SponsorMe (CVE-2026-8626) , May 23, 2026
Infility Global (CVE-2026-8685) , May 23, 2026