CVE-2026-6400: CWE-352 Cross-Site Request Forgery (CSRF) in helpstring Child Height Predictor by Ostheimer
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options() function, which handles plugin settings updates. The form template does not include a wp_nonce_field() call, and the handler never calls check_admin_referer() or wp_verify_nonce(). This makes it possible for unauthenticated attackers to trick a site administrator into clicking a link or visiting a malicious page that submits a forged POST request, causing unauthorized changes to the plugin settings such as unit preferences to be persisted to the database via update_option().
AI Analysis
Technical Summary
CVE-2026-6400 describes a CSRF vulnerability in the Child Height Predictor by Ostheimer WordPress plugin affecting all versions up to 1.3. The issue stems from the options() function handling plugin settings updates without nonce verification. The form template does not include wp_nonce_field(), and the handler does not call check_admin_referer() or wp_verify_nonce(), which are standard WordPress protections against CSRF. Consequently, an unauthenticated attacker can craft a malicious link or page that causes an administrator to unknowingly submit a forged POST request, leading to unauthorized changes in plugin settings such as unit preferences stored via update_option().
Potential Impact
The vulnerability allows unauthorized modification of plugin settings by exploiting the lack of CSRF protections. While it does not disclose sensitive data or allow code execution, it can cause integrity issues by changing configuration values without administrator consent. The CVSS score of 4.3 reflects a medium severity impact with low complexity and no required privileges but requires user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, administrators should avoid clicking untrusted links while logged into WordPress admin or consider disabling the plugin. Applying standard WordPress security practices such as limiting administrator access and using security plugins that detect CSRF attempts may help mitigate risk.
CVE-2026-6400: CWE-352 Cross-Site Request Forgery (CSRF) in helpstring Child Height Predictor by Ostheimer
Description
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options() function, which handles plugin settings updates. The form template does not include a wp_nonce_field() call, and the handler never calls check_admin_referer() or wp_verify_nonce(). This makes it possible for unauthenticated attackers to trick a site administrator into clicking a link or visiting a malicious page that submits a forged POST request, causing unauthorized changes to the plugin settings such as unit preferences to be persisted to the database via update_option().
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-6400 describes a CSRF vulnerability in the Child Height Predictor by Ostheimer WordPress plugin affecting all versions up to 1.3. The issue stems from the options() function handling plugin settings updates without nonce verification. The form template does not include wp_nonce_field(), and the handler does not call check_admin_referer() or wp_verify_nonce(), which are standard WordPress protections against CSRF. Consequently, an unauthenticated attacker can craft a malicious link or page that causes an administrator to unknowingly submit a forged POST request, leading to unauthorized changes in plugin settings such as unit preferences stored via update_option().
Potential Impact
The vulnerability allows unauthorized modification of plugin settings by exploiting the lack of CSRF protections. While it does not disclose sensitive data or allow code execution, it can cause integrity issues by changing configuration values without administrator consent. The CVSS score of 4.3 reflects a medium severity impact with low complexity and no required privileges but requires user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, administrators should avoid clicking untrusted links while logged into WordPress admin or consider disabling the plugin. Applying standard WordPress security practices such as limiting administrator access and using security plugins that detect CSRF attempts may help mitigate risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-04-15T20:28:43.917Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0d1a61ba1db473621f7aec
Added to database: 5/20/2026, 2:20:17 AM
Last enriched: 5/20/2026, 2:35:48 AM
Last updated: 5/20/2026, 6:16:03 PM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.