Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 20 May 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 20 May 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jay Patel
Jay Patel remove Yellow Bgbox Wordpress Wordpress wordpress |
|
| Vendors & Products |
Jay Patel
Jay Patel remove Yellow Bgbox Wordpress Wordpress wordpress |
Wed, 20 May 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybb_api_settings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored settings by overwriting its configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |
| Title | Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery | |
| Weaknesses | CWE-352 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-05-20T17:17:11.846Z
Reserved: 2026-05-12T17:50:09.694Z
Link: CVE-2026-8424
Updated: 2026-05-20T17:17:07.378Z
Status : Deferred
Published: 2026-05-20T02:16:40.400
Modified: 2026-06-17T11:03:55.437
Link: CVE-2026-8424
No data.
OpenCVE Enrichment
Updated: 2026-05-20T10:38:18Z