Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Child Height Predictor by Ostheimer by helpstring

    CVE-2026-6400 (GCVE-0-2026-6400)

    Vulnerability from nvd – Published: 2026-05-20 01:25 – Updated: 2026-05-20 12:59
    VLAI
    Title
    Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form
    Summary
    The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options() function, which handles plugin settings updates. The form template does not include a wp_nonce_field() call, and the handler never calls check_admin_referer() or wp_verify_nonce(). This makes it possible for unauthenticated attackers to trick a site administrator into clicking a link or visiting a malicious page that submits a forged POST request, causing unauthorized changes to the plugin settings such as unit preferences to be persisted to the database via update_option().
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    Muhammad Nur Ibnu Hubab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6400",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:59:18.412445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:59:26.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Child Height Predictor by Ostheimer",
              "vendor": "helpstring",
              "versions": [
                {
                  "lessThanOrEqual": "1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhammad Nur Ibnu Hubab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options() function, which handles plugin settings updates. The form template does not include a wp_nonce_field() call, and the handler never calls check_admin_referer() or wp_verify_nonce(). This makes it possible for unauthenticated attackers to trick a site administrator into clicking a link or visiting a malicious page that submits a forged POST request, causing unauthorized changes to the plugin settings such as unit preferences to be persisted to the database via update_option()."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T01:25:55.788Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc1681a8-5f2e-45f1-96d9-797b13644607?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/child-height-predictor/trunk/childheight.php#L149"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/child-height-predictor/tags/1.3/childheight.php#L149"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/child-height-predictor/trunk/childheight.php#L135"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/child-height-predictor/tags/1.3/childheight.php#L135"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-19T12:04:31.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Child Height Predictor by Ostheimer \u003c= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-6400",
        "datePublished": "2026-05-20T01:25:55.788Z",
        "dateReserved": "2026-04-15T20:28:43.917Z",
        "dateUpdated": "2026-05-20T12:59:26.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6400 (GCVE-0-2026-6400)

    Vulnerability from cvelistv5 – Published: 2026-05-20 01:25 – Updated: 2026-05-20 12:59
    VLAI
    Title
    Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form
    Summary
    The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options() function, which handles plugin settings updates. The form template does not include a wp_nonce_field() call, and the handler never calls check_admin_referer() or wp_verify_nonce(). This makes it possible for unauthenticated attackers to trick a site administrator into clicking a link or visiting a malicious page that submits a forged POST request, causing unauthorized changes to the plugin settings such as unit preferences to be persisted to the database via update_option().
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    Muhammad Nur Ibnu Hubab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6400",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:59:18.412445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:59:26.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Child Height Predictor by Ostheimer",
              "vendor": "helpstring",
              "versions": [
                {
                  "lessThanOrEqual": "1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhammad Nur Ibnu Hubab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options() function, which handles plugin settings updates. The form template does not include a wp_nonce_field() call, and the handler never calls check_admin_referer() or wp_verify_nonce(). This makes it possible for unauthenticated attackers to trick a site administrator into clicking a link or visiting a malicious page that submits a forged POST request, causing unauthorized changes to the plugin settings such as unit preferences to be persisted to the database via update_option()."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T01:25:55.788Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc1681a8-5f2e-45f1-96d9-797b13644607?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/child-height-predictor/trunk/childheight.php#L149"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/child-height-predictor/tags/1.3/childheight.php#L149"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/child-height-predictor/trunk/childheight.php#L135"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/child-height-predictor/tags/1.3/childheight.php#L135"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-19T12:04:31.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Child Height Predictor by Ostheimer \u003c= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-6400",
        "datePublished": "2026-05-20T01:25:55.788Z",
        "dateReserved": "2026-04-15T20:28:43.917Z",
        "dateUpdated": "2026-05-20T12:59:26.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }