CVE-2026-6400
Deferred Deferred - Pending Action
Cross-Site Request Forgery in Child Height Predictor WordPress Plugin

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: Wordfence

Description
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options() function, which handles plugin settings updates. The form template does not include a wp_nonce_field() call, and the handler never calls check_admin_referer() or wp_verify_nonce(). This makes it possible for unauthenticated attackers to trick a site administrator into clicking a link or visiting a malicious page that submits a forged POST request, causing unauthorized changes to the plugin settings such as unit preferences to be persisted to the database via update_option().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-05-20
AI Q&A
2026-05-20
EPSS Evaluated
N/A
NVD
CVE-2026-6400
EUVD
EUVD-2026-31038
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ostheimer child_height_predictor to 1.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The Child Height Predictor by Ostheimer plugin for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to and including 1.3. This happens because the plugin's options() function, which updates plugin settings, lacks proper nonce verification. Specifically, the form template does not include a wp_nonce_field() call, and the handler does not call check_admin_referer() or wp_verify_nonce(). As a result, an attacker can trick a site administrator into clicking a malicious link or visiting a harmful page that submits a forged POST request, leading to unauthorized changes in the plugin settings.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update the Child Height Predictor by Ostheimer plugin to a version later than 1.3 where nonce verification is properly implemented.

If an update is not immediately available, avoid clicking on suspicious links or visiting untrusted pages while logged in as a site administrator, as the vulnerability allows unauthenticated attackers to trick administrators into submitting forged POST requests.

Additionally, consider applying custom patches to add nonce verification in the options() function and ensure the form template includes a wp_nonce_field() call, along with calls to check_admin_referer() or wp_verify_nonce() in the handler.


How can this vulnerability impact me? :

This vulnerability allows unauthenticated attackers to cause unauthorized changes to the plugin settings by tricking an administrator into submitting a forged request. For example, attackers can change unit preferences or other plugin options stored in the database without the administrator's consent. While it does not directly compromise data confidentiality or availability, it can lead to integrity issues by altering plugin behavior unexpectedly.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart