CVE-2026-6401: CWE-352 Cross-Site Request Forgery (CSRF) in svil4ok Bottom Bar
The Bottom Bar WordPress plugin (versions up to 0. 1. 7) contains a Cross-Site Request Forgery (CSRF) vulnerability due to missing nonce verification on its settings update forms. This allows an attacker to trick a logged-in administrator into submitting crafted requests that modify plugin configuration options without proper authorization checks. The vulnerability arises because the plugin does not implement wp_nonce_field() in its forms nor calls check_admin_referer() during POST processing. The CVSS score is 4. 3, indicating a medium severity issue with limited impact on confidentiality but potential integrity concerns.
AI Analysis
Technical Summary
CVE-2026-6401 is a CSRF vulnerability in the Bottom Bar WordPress plugin by svil4ok, affecting all versions up to 0.1.7. The plugin's settings update forms lack nonce fields and server-side nonce verification, enabling unauthenticated attackers to induce logged-in administrators to unknowingly submit malicious requests that alter plugin settings such as language, post counts, or sharing services. This vulnerability stems from missing wp_nonce_field() usage in the forms and absence of check_admin_referer() calls in bottom-bar-admin.php during POST request handling.
Potential Impact
An attacker can cause a logged-in administrator to unknowingly change plugin configuration settings, potentially impacting the integrity of the plugin's behavior. There is no direct confidentiality or availability impact reported. The exploit requires the administrator to be logged in and interact with a crafted request, limiting the attack vector to social engineering or targeted attacks.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should avoid interacting with untrusted links or sites while logged into WordPress with administrative privileges. Monitoring for plugin updates from svil4ok is recommended to apply any forthcoming patches that add nonce verification and proper request validation.
CVE-2026-6401: CWE-352 Cross-Site Request Forgery (CSRF) in svil4ok Bottom Bar
Description
The Bottom Bar WordPress plugin (versions up to 0. 1. 7) contains a Cross-Site Request Forgery (CSRF) vulnerability due to missing nonce verification on its settings update forms. This allows an attacker to trick a logged-in administrator into submitting crafted requests that modify plugin configuration options without proper authorization checks. The vulnerability arises because the plugin does not implement wp_nonce_field() in its forms nor calls check_admin_referer() during POST processing. The CVSS score is 4. 3, indicating a medium severity issue with limited impact on confidentiality but potential integrity concerns.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-6401 is a CSRF vulnerability in the Bottom Bar WordPress plugin by svil4ok, affecting all versions up to 0.1.7. The plugin's settings update forms lack nonce fields and server-side nonce verification, enabling unauthenticated attackers to induce logged-in administrators to unknowingly submit malicious requests that alter plugin settings such as language, post counts, or sharing services. This vulnerability stems from missing wp_nonce_field() usage in the forms and absence of check_admin_referer() calls in bottom-bar-admin.php during POST request handling.
Potential Impact
An attacker can cause a logged-in administrator to unknowingly change plugin configuration settings, potentially impacting the integrity of the plugin's behavior. There is no direct confidentiality or availability impact reported. The exploit requires the administrator to be logged in and interact with a crafted request, limiting the attack vector to social engineering or targeted attacks.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should avoid interacting with untrusted links or sites while logged into WordPress with administrative privileges. Monitoring for plugin updates from svil4ok is recommended to apply any forthcoming patches that add nonce verification and proper request validation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-04-15T20:30:08.265Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0d1a61ba1db473621f7af3
Added to database: 5/20/2026, 2:20:17 AM
Last enriched: 5/20/2026, 2:35:43 AM
Last updated: 5/20/2026, 1:32:42 PM
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.