CVE-2026-24596 PUBLISHED

WordPress Related Posts Thumbnails Plugin for WordPress plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Assigner: Patchstack
Reserved: 23.01.2026 Published: 23.01.2026 Updated: 23.01.2026

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3.1.

Product Status

Vendor	marynixie
Product	Related Posts Thumbnails Plugin for WordPress
Versions	Default: unaffected affected from n/a to <= 4.3.1 (incl.)

Credits

Carlos Ferreira | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/Wordpress/Plugin/related-posts-thumbnails/vulnerability/wordpress-related-posts-thumbnails-plugin-for-wordpress-plugin-4-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Problem Types

Cross-Site Request Forgery (CSRF) CWE

Impacts

Cross Site Request Forgery