Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 20 May 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 20 May 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Askywhale
Askywhale games Catalog Wordpress Wordpress wordpress |
|
| Vendors & Products |
Askywhale
Askywhale games Catalog Wordpress Wordpress wordpress |
Wed, 20 May 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gc_crud() function which handles the delete action (action=delete) via a GET request without any wp_verify_nonce() / check_admin_referer() call. This makes it possible for unauthenticated attackers to delete arbitrary game catalog entries (including the associated WordPress post created for the game) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |
| Title | Games Catalog <= 1.2.0 - Cross-Site Request Forgery to Arbitrary Game/Post Deletion | |
| Weaknesses | CWE-352 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-05-20T13:17:27.823Z
Reserved: 2026-05-12T17:41:58.391Z
Link: CVE-2026-8418
Updated: 2026-05-20T13:16:41.954Z
Status : Deferred
Published: 2026-05-20T02:16:39.827
Modified: 2026-06-17T11:03:54.827
Link: CVE-2026-8418
No data.
OpenCVE Enrichment
Updated: 2026-05-20T10:38:36Z