CVE-2026-6391 - Vulnerability Details

- Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

Description

The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create_admin_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Published: 2026-05-20

Score: 6.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Sentence To SEO (keywords, description and tags) plugin is vulnerable because the create_admin_page() function does not properly validate a security nonce. This flaw allows an unauthenticated attacker to forge a request that updates plugin settings, inserting arbitrary JavaScript that is then stored and executed whenever the settings page is rendered. The vulnerability is a classic CSRF‑to‑stored‑XSS chain, with the potential to compromise the confidentiality, integrity, or availability of the site and its visitors.

Affected Systems

WordPress sites that run the Sentence To SEO plugin by eazyserver, version 1.0 and all earlier releases. The affected product is packaged as the WordPress plugin named Sentence To SEO (keywords, description and tags). No specific patch version information is included in the CNA data, so all instances of the vulnerable plugin need to be examined.

Risk and Exploitability

This issue carries a CVSS score of 6.1, indicating moderate severity. EPSS data is not available, but the flaw is not listed in CISA’s KEV catalog. The likely attack vector is a cross‑site request forgery: an attacker crafts a link or form that an active administrator clicks, causing the admin’s browser to submit a request to update the plugin settings. Because the nonce verification is missing, the request succeeds, and the stored script executes in future page loads. As the flaw is unauthenticated and relies on an admin’s interaction, an attacker who can persuade or trick site owners can elevate the risk to arbitrary users of the affected WordPress site.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

eazyserver

Sentence To SEO (keywords, description and tags)

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.0

No data.

Vendor Product Confidence Versions

Eazyserver

Sentence To Seo (keywords, Description And Tags)

100%

Version	Status	Scheme	Platform
`[0,1.0]`	affected	semver	—

Wordpress

80%

Version	Status	Scheme	Platform
`—`	unaffected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Sentence To SEO plugin to a version that addresses the CSRF flaw identified by CWE-352. If a patch is not available, disable or remove the plugin until an update is released.
Deploy a reputable security plugin (e.g., Wordfence or Sucuri) to monitor and block suspicious CSRF attempts, and enable strict nonce checks in all custom admin pages.
Restrict the number of users with administrative privileges, audit admin activity for unauthorized changes to plugin settings, and educate administrators on safe link practices.

Generated by OpenCVE AI on May 20, 2026 at 04:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L50
https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L75
https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L81
https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L87
https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L50
https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L75
https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L81
https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L87
https://www.wordfence.com/threat-intel/vulnerabilities/id/add32c06-90d0-466f-b176-aaae55cf03fb?source=cve

History

Wed, 20 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 20 May 2026 03:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Eazyserver Eazyserver sentence To Seo (keywords, Description And Tags) Wordpress Wordpress wordpress
Vendors & Products		Eazyserver Eazyserver sentence To Seo (keywords, Description And Tags) Wordpress Wordpress wordpress

Wed, 20 May 2026 02:15:00 +0000

Type	Values Removed	Values Added
Description		The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create_admin_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Title		Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters
Weaknesses		CWE-352
References		https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L50 https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L75 https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L81 https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L87 https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L50 https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L75 https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L81 https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L87 https://www.wordfence.com/threat-intel/vulnerabilities/id/add32c06-90d0-466f-b176-aaae55cf03fb?source=cve
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`

Subscriptions

Eazyserver Sentence To Seo (keywords, Description And Tags)

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2026-05-20T01:25:51.921Z

Updated: 2026-05-20T14:14:22.621Z

Reserved: 2026-04-15T20:04:05.316Z

Link: CVE-2026-6391

Vulnrichment

Updated: 2026-05-20T14:14:18.416Z

NVD

Status : Deferred

Published: 2026-05-20T02:16:37.347

Modified: 2026-05-20T13:54:54.890

Link: CVE-2026-6391

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T04:30:16Z

Weaknesses

CWE-352

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object