CVE-2026-1086
Status: Received - Intake
CSRF in Font Pairing Preview Plugin Allows Settings Modification

Publication date: 2026-03-07

Last updated on: 2026-03-07

Assigner: Wordfence

Description
The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's font pairing settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Meta Information
Published: 2026-03-07
Last Modified: 2026-03-07
Generated: 2026-05-07
AI Q&A: 2026-03-07
EPSS Evaluated: 2026-05-05
Affected Vendors & Products: Currently, no data is known.
CWE
CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in the Font Pairing Preview For Landing Pages WordPress plugin (versions up to and including 1.3) is a Cross-Site Request Forgery (CSRF) issue. It occurs because the plugin's settings update functionality lacks nonce validation, which is a security measure to verify that requests are legitimate and intended by authenticated users.

Due to this missing nonce check, an attacker can craft a forged request that, if a site administrator is tricked into clicking a malicious link, allows the attacker to modify the plugin's font pairing settings without proper authorization.

Additionally, the plugin uses outdated input sanitization methods and does not properly escape user inputs in the HTML output, which could also lead to Cross-Site Scripting (XSS) vulnerabilities. [1, 2]


How can this vulnerability impact me?

This vulnerability can allow an unauthenticated attacker to change the font pairing settings of the plugin on a WordPress site by tricking an administrator into performing an action such as clicking a malicious link.

While the direct impact is limited to modifying font settings, this unauthorized change could be used as a vector for further attacks, especially considering the plugin's insufficient input sanitization and output escaping, which may enable Cross-Site Scripting (XSS) attacks.

Such attacks could lead to defacement, injection of malicious scripts, or other unauthorized actions within the affected WordPress site.

The CVSS v3.1 base score of 4.3 reflects a low to medium severity, indicating that the vulnerability requires user interaction but does not directly compromise confidentiality or availability. [1, 2]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the WordPress site is running the Font Pairing Preview For Landing Pages plugin version 1.3 or earlier, which lacks nonce validation on the settings update functionality.

To detect exploitation attempts on your system or network, you can monitor HTTP requests to the plugin's settings update endpoint for suspicious POST requests that modify font pairing settings without proper authentication.

Since the plugin stores settings in the WordPress options table under the key 'wp_fpp_settings', you can also inspect the database for unexpected changes to this option.

- Use web server logs or a network monitoring tool to look for POST requests to URLs related to the plugin's settings page, especially those that include parameters like 'fpp-font-1', 'fpp-font-2', 'fpp-font1-size', etc.
- Example command to search web server logs for suspicious POST requests (adjust path and log file as needed):
  grep -i 'POST' /var/log/apache2/access.log | grep 'wp-font-pairing-settings.php'
- Query the WordPress database to check the current font pairing settings:
  SELECT * FROM wp_options WHERE option_name = 'wp_fpp_settings';

Note that no specific detection commands are provided in the resources, so these suggestions are based on the plugin's behavior and storage. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this Cross-Site Request Forgery vulnerability in the Font Pairing Preview For Landing Pages plugin (versions up to 1.3), immediate steps include:

- Update the plugin to a version that includes nonce validation and proper security checks if such an update is available.
- If no update is available, temporarily disable or deactivate the plugin to prevent exploitation.
- Restrict access to the WordPress admin area to trusted users only and ensure administrators are aware not to click on suspicious links that could trigger forged requests.
- Implement web application firewall (WAF) rules to block unauthorized POST requests to the plugin's settings endpoint.
- Review and harden WordPress security settings, including enforcing strong administrator authentication and limiting plugin installation to trusted sources. [1, 2]
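As an added illustration (not the plugin's own code) of the "missing nonce validation" pattern the advisory describes and of the fix the mitigation answer refers to, the handler below is shown first without any request-origin check and then hardened with WordPress's nonce and capability checks. The function names are hypothetical; the option key 'wp_fpp_settings' and the 'fpp-font-1' / 'fpp-font-2' / 'fpp-font1-size' parameters are taken from the detection answer above.

```php
<?php
// Illustrative code only: function names are hypothetical, the option key and
// POST parameter names come from the advisory page's Q&A.

// BEFORE (pattern described by the advisory): any POST that reaches the handler
// is applied. A logged-in administrator's browser sends the site's cookies with
// a form submitted from a third-party page, so a forged request succeeds.
function fpp_save_settings_vulnerable() {
    if ( ! isset( $_POST['fpp-font-1'] ) ) {
        return;
    }
    update_option( 'wp_fpp_settings', array(
        'font1'      => $_POST['fpp-font-1'],
        'font2'      => $_POST['fpp-font-2'],
        'font1_size' => $_POST['fpp-font1-size'],
    ) );
}

// AFTER, step 1: embed a per-user, per-action nonce in the settings form.
function fpp_settings_form() {
    echo '<form method="post">';
    wp_nonce_field( 'fpp_save_settings', 'fpp_nonce' );
    echo '<input name="fpp-font-1"> <input name="fpp-font-2"> <input name="fpp-font1-size">';
    submit_button( 'Save' );
    echo '</form>';
}

// AFTER, step 2: refuse any request without a valid nonce and an authorized
// user, then sanitize values before storing them (and escape them on output).
function fpp_save_settings_hardened() {
    if ( ! isset( $_POST['fpp-font-1'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // check_admin_referer() stops execution with a 403 page when the nonce is
    // missing, expired, or was issued for a different user or action, which is
    // exactly the case for a form submitted from an attacker-controlled page.
    check_admin_referer( 'fpp_save_settings', 'fpp_nonce' );

    update_option( 'wp_fpp_settings', array(
        'font1'      => sanitize_text_field( wp_unslash( $_POST['fpp-font-1'] ) ),
        'font2'      => sanitize_text_field( wp_unslash( $_POST['fpp-font-2'] ?? '' ) ),
        'font1_size' => absint( $_POST['fpp-font1-size'] ?? 0 ),
    ) );
}
```

The nonce check alone closes the CSRF hole; the capability check and sanitization address the separate authorization and XSS concerns the Q&A mentions.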

