Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-24384
5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
WordPress Merge + Minify + Refresh plugin <= 2.14 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n/a through <= 2.14.
References
Affected products
merge-minify-refresh
- =<<= 2.14