cleantalk
Vulnerabilities and Security Researches

The Guardian News Feed, CVE-2026-1087

CVE, Research URL

CVE-2026-1087

Home page URL

Security reports for The Guardian News Feed

Application

The Guardian News Feed

Published on
Mar 07, 2026
Research Description
The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings, including the Guardian API key, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.2.
Status
vulnerable
Previous vulnerability researches
The Guardian News Feed (CVE-2026-1087) , Apr 25, 2026
New vulnerability
WordPress Books Gallery (CVE-2026-5347) , Apr 26, 2026
LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course (CVE-2026-39524) , Apr 26, 2026
Newsletter – Send awesome emails from WordPress (CVE-2025-3582) , Apr 26, 2026
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Car (CVE-2024-4002) , Apr 26, 2026
Court Reservation – Manage Your Court Bookings Online (CVE-2026-1508) , Apr 26, 2026