cleantalk
Vulnerabilities and Security Researches

Sentence To SEO (keywords, description and tags), CVE-2026-6391

CVE, Research URL

CVE-2026-6391

Home page URL

Security reports for Sentence To SEO (keywords, description and tags)

Application

Sentence To SEO (keywords, description and tags)

Published on
May 20, 2026
Research Description
The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create_admin_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.0.
Status
vulnerable
Previous vulnerability researches
Widget Context (CVE-2026-7615) , May 22, 2026
New vulnerability
SponsorMe (CVE-2026-8626) , May 23, 2026
Infility Global (CVE-2026-8685) , May 23, 2026
Logo Manager For Enamad (CVE-2026-6549) , May 23, 2026
Sentence To SEO (keywords, description and tags) (CVE-2026-6391) , May 23, 2026
Oliver POS – A WooCommerce Point of Sale (POS) (CVE-2026-6072) , May 23, 2026