CVE-2026-8941: CWE-352 Cross-Site Request Forgery (CSRF) in wmark CDN Linker lite
CVE-2026-8941 is a Cross-Site Request Forgery (CSRF) vulnerability in the CDN Linker lite WordPress plugin up to version 1.3.1. The issue arises from missing or incorrect nonce validation in the ossdl_off_options() function, allowing unauthenticated attackers to update plugin settings if they can trick an administrator into performing an action like clicking a malicious link. This can lead to unauthorized changes to the CDN URL that rewrites static asset references on the site. The vulnerability has a CVSS score of 4.3, indicating medium severity. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
The CDN Linker lite plugin for WordPress, in versions up to 1.3.1, contains a CSRF vulnerability caused by missing or incorrect nonce validation in the ossdl_off_options() function. An attacker can forge a request that updates plugin settings, including the CDN URL configuration, and have it carried out in a site administrator's session. The attacker needs no privileges on the site, but the attack depends on user interaction: an administrator must be tricked into an action such as clicking a crafted link. The CVSS 3.1 base score is 4.3 (medium), reflecting low attack complexity and no direct confidentiality or availability impact. No patch or official remediation level has been published by the vendor as of the data provided.
Potential Impact
An attacker can cause an authenticated site administrator to unknowingly change the CDN URL used by the plugin, potentially redirecting static asset requests to attacker-controlled resources. This could lead to indirect risks such as content injection or manipulation depending on the attacker's control over the CDN URL. There is no direct impact on confidentiality or availability reported. No known active exploitation has been documented.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should exercise caution with links and requests that could trigger plugin settings changes. Implementing additional CSRF protections or disabling the plugin if not needed may reduce risk. Monitor official vendor channels for updates.
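While no fix is available, web server logs can show whether a settings save was driven from another origin. The following is an added example, not code from the plugin or the vendor: it scans Combined Log Format lines for POSTs to the plugin's settings page whose Referer is not the site itself. `SITE_HOST`, the `PLUGIN_PAGE_SLUG` placeholder, the assumption that the settings form posts to a `/wp-admin/` URL carrying `page=<slug>`, and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "blog.example"          # assumption: the WordPress site's own hostname
SETTINGS_PAGE = "PLUGIN_PAGE_SLUG"  # placeholder: the real settings-page slug is not in the advisory

# Combined Log Format: ip ident user [time] "METHOD target proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def classify(line):
    """Return (timestamp, ip, verdict) for a POST to the settings page, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    target = urlsplit(m["target"])
    page = parse_qs(target.query).get("page", [""])[0]
    if not target.path.startswith("/wp-admin/") or page != SETTINGS_PAGE:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        verdict = "missing-referer"  # can be benign (Referrer-Policy), still worth review
    elif urlsplit(referer).hostname == SITE_HOST:
        verdict = "same-origin"      # what a save from the real settings form looks like
    else:
        verdict = "cross-site"       # request was driven from another origin: CSRF pattern
    return (m["ts"], m["ip"], verdict)

def suspicious_settings_posts(lines):
    """Keep only settings-page POSTs that did not originate from the site's own pages."""
    hits = (classify(line) for line in lines)
    return [h for h in hits if h and h[2] != "same-origin"]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [27/May/2026:06:40:01 +0000] "POST /wp-admin/options-general.php?page=PLUGIN_PAGE_SLUG HTTP/1.1" 200 5120 "https://blog.example/wp-admin/options-general.php?page=PLUGIN_PAGE_SLUG" "Mozilla/5.0"',
    '198.51.100.4 - - [27/May/2026:07:12:44 +0000] "POST /wp-admin/options-general.php?page=PLUGIN_PAGE_SLUG HTTP/1.1" 200 5120 "https://other-site.example/promo.html" "Mozilla/5.0"',
    '198.51.100.4 - - [27/May/2026:07:13:02 +0000] "GET /wp-admin/options-general.php?page=PLUGIN_PAGE_SLUG HTTP/1.1" 200 4800 "https://blog.example/wp-admin/" "Mozilla/5.0"',
    '198.51.100.4 - - [27/May/2026:07:15:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 64 "https://other-site.example/x" "Mozilla/5.0"',
    '198.51.100.4 - - [27/May/2026:07:20:09 +0000] "POST /wp-admin/options-general.php?page=PLUGIN_PAGE_SLUG HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ts, ip, verdict in suspicious_settings_posts(SAMPLE_LOG):
        print(f"{ts} {ip} {verdict}")
```

The address on a flagged line is the administrator's own browser, since a forged request is sent from the victim's session, so a hit should be followed by comparing the stored CDN URL with the intended value.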
CVSS v3.1
Score 4.3 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2026-05-19T12:05:08.546Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a169069e29bf47b509e186c
Added to database: 5/27/2026, 6:34:17 AM
Last enriched: 5/27/2026, 6:48:53 AM
Last updated: 5/27/2026, 8:56:28 AM