CVE-2026-7616 – Zawgyi Embed

CVE ID :CVE-2026-7616

Published : May 12, 2026, 9:16 a.m. | 41 minutes ago

Description :The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_adminpage function. This makes it possible for unauthenticated attackers to update the plugin’s zawgyi_forceCSS setting by submitting a forged POST request to options-general.php?page=zawgyi_embed via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-7661 – Bootstrap Shortcode

CVE-2026-7437 – AzonPost

CVE-2026-7659 – Advanced Social Media Icons

CVE-2026-7626 – Slek Gateway for WooCommerce