cleantalk
Vulnerabilities and Security Researches

True Ranker, CVE-2026-1085

CVE, Research URL

CVE-2026-1085

Home page URL

Security reports for True Ranker

Application

True Ranker

Published on
Mar 07, 2026
Research Description
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True Ranker account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.2.9.
Status
vulnerable
Previous vulnerability researches
WP Ultimate Post Grid (CVE-2024-9051) , Oct 12, 2024
WP Ultimate Post Grid (CVE-2024-4043) , Jun 06, 2024
New vulnerability
Employee Directory – Staff Directory and Listing (CVE-2026-1279) , Apr 16, 2026
Advance Block Extend (CVE-2026-1646) , Apr 16, 2026
All push notification for WP (CVE-2026-0816) , Apr 16, 2026
Slideshow Wp (CVE-2026-1885) , Apr 16, 2026
XO Event Calendar (CVE-2026-0556) , Apr 16, 2026