Skip to main content

Osiris Signature Banner

1 CVEs product

Monthly

CVE-2026-8905 MEDIUM This Month

Cross-Site Request Forgery in the Osiris Signature Banner WordPress plugin (all versions ≤ 0.5) enables unauthenticated attackers to update plugin settings and inject stored XSS payloads by tricking an authenticated administrator into triggering a forged request. Missing nonce validation across at least four functions (lines 107, 118, 139, and 189 of osiris-signature-banner.php) means any forged cross-origin form submission executed in an active admin session bypasses all server-side origin checks. No public exploit identified at time of analysis and no KEV listing is present, but the stored XSS secondary impact elevates real-world risk above a typical CSRF-only finding.

WordPress CSRF Osiris Signature Banner
NVD
CVSS 3.1
6.1
EPSS
0.1%
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-Site Request Forgery in the Osiris Signature Banner WordPress plugin (all versions ≤ 0.5) enables unauthenticated attackers to update plugin settings and inject stored XSS payloads by tricking an authenticated administrator into triggering a forged request. Missing nonce validation across at least four functions (lines 107, 118, 139, and 189 of osiris-signature-banner.php) means any forged cross-origin form submission executed in an active admin session bypasses all server-side origin checks. No public exploit identified at time of analysis and no KEV listing is present, but the stored XSS secondary impact elevates real-world risk above a typical CSRF-only finding.

WordPress CSRF Osiris Signature Banner
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy