Nixpkgs security tracker

Permalink CVE-2026-24384

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 months, 3 weeks ago

WordPress Merge + Minify + Refresh plugin <= 2.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n/a through <= 2.14.

References

https://patchstack.com/database/Wordpress/Plugin/merge-minify-refresh/vulnerabi… vdb-entry

Affected products

merge-minify-refresh

=<<= 2.14

Matching in nixpkgs

pkgs.wordpressPackages.plugins.merge-minify-refresh

None

nixos-unstable 2.12
- nixpkgs-unstable 2.12
- nixos-unstable-small 2.12
nixos-25.11 2.12
- nixpkgs-25.11-darwin 2.12

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.wordpressPackages.plugins.merge-minify-refresh