{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1085", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-16T20:46:04.150Z", "datePublished": "2026-03-07T07:22:08.056Z", "dateUpdated": "2026-04-08T17:27:32.055Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:32.055Z"}, "affected": [{"vendor": "optimizza", "product": "True Ranker", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.2.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True Ranker account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "True Ranker <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db27ae52-1362-4acb-9410-49ad041770f6?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/seo-local-rank/trunk/admin/class-seolocalrank-admin.php#L768"}, {"url": "https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.9/admin/class-seolocalrank-admin.php#L768"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "timeline": [{"time": "2026-03-06T18:49:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T17:31:58.610319Z", "id": "CVE-2026-1085", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T18:27:56.721Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1085", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T17:31:58.610319Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T17:31:59.742Z"}}], "cna": {"title": "True Ranker <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "optimizza", "product": "True Ranker", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.2.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-06T18:49:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db27ae52-1362-4acb-9410-49ad041770f6?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/seo-local-rank/trunk/admin/class-seolocalrank-admin.php#L768"}, {"url": "https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.9/admin/class-seolocalrank-admin.php#L768"}], "descriptions": [{"lang": "en", "value": "The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True Ranker account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-07T07:22:08.056Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1085", "state": "PUBLISHED", "dateUpdated": "2026-03-09T18:27:56.721Z", "dateReserved": "2026-01-16T20:46:04.150Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-07T07:22:08.056Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True Ranker account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin True Ranker para WordPress es vulnerable a la falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 2.2.9, inclusive. Esto se debe a la falta de validaci\u00f3n de nonce en la acci\u00f3n seolocalrank-signout. Esto hace posible que atacantes no autenticados desconecten la cuenta de True Ranker del administrador a trav\u00e9s de una petici\u00f3n falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2026-1085", "lastModified": "2026-04-22T21:27:27.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-07T08:16:09.197", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.9/admin/class-seolocalrank-admin.php#L768"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/seo-local-rank/trunk/admin/class-seolocalrank-admin.php#L768"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db27ae52-1362-4acb-9410-49ad041770f6?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.2.9]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "True Ranker", "source": "cna", "vendor": "optimizza"}, "product": "true_ranker", "vendor": "optimizza"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T19:48:54.830416+00:00", "value": {"mitigation_remediation": ["Update the True Ranker plugin to a version newer than 2.2.9 (or the latest stable release).", "If an immediate update is not feasible, disable the seolocalrank\u2011signout action or remove the plugin until a patch is available.", "After the update or disablement, monitor WordPress admin logs for signs of CSRF requests or unexpected sign\u2011out attempts."], "summary": {"action": "Update Plugin", "impact": "Cross\u2011Site Request Forgery that allows an unauthenticated attacker to disconnect an administrator\u2019s True Ranker account"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the True Ranker plugin from optimizza, versions up to and including 2.2.9. Users running any of these releases on WordPress sites are at risk.", "description_and_impact": "The True Ranker WordPress plugin lacks nonce validation on the seolocalrank\u2011signout action, allowing attackers to forge a request that disconnects an administrator's True Ranker account. This CSRF vulnerability permits unauthorized manipulation of the plugin\u2019s authentication state and can disrupt SEO management functions. The flaw does not grant direct code execution or data exfiltration.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity, with an EPSS of less than 1%, suggesting a low probability of widespread exploitation. The attack requires that an unauthenticated adversary coerce an administrator into clicking a crafted URL or form, making social engineering a key prerequisite. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, further implying limited exploitation potential."}}}}, "created": "2026-03-09T10:05:33.160274+00:00", "updated": "2026-04-15T20:00:06.602960+00:00", "vendors": ["optimizza", "optimizza$PRODUCT$true_ranker", "wordpress", "wordpress$PRODUCT$wordpress"]}