CVE-2026-0740


Priority: P1 91 critical 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW exploit: VulnCheck KEV, Initial access
Exploited in the wild
EPSS: 54.25% (98.9th percentile)
## CVE-2025-67469: WordPress vulnerability analysis and mitigation


Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery. This issue affects PDF Thumbnail Generator: from n/a through <= 1.4.

Source: NVD


Score: 8.8

Published: December 9, 2025
Severity: HIGH
CNA Score: 8.8
Affected Technologies: WordPress
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 6.4
Exploitation Probability (EPSS): N/A
Affected packages and libraries: pdf-thumbnail-generator
Sources: NVD




## Related WordPress vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2026-0740 | CRITICAL | 9.8 | WordPress | ninja-forms-uploads | No | Yes | Apr 07, 2026 |
| CVE-2026-3666 | HIGH | 8.8 | WordPress | wpforo | No | Yes | Apr 04, 2026 |
| CVE-2026-1233 | HIGH | 7.5 | WordPress | text-to-speech-tts | No | Yes | Apr 04, 2026 |
| CVE-2026-2936 | HIGH | 7.2 | WordPress | visitors-traffic-real-time-statistics | No | Yes | Apr 04, 2026 |
| CVE-2026-3309 | MEDIUM | 6.5 | WordPress | wp-user-avatar | No | Yes | Apr 04, 2026 |


## Detection & IOCs (extracted from sources)

- url: /wp-admin/admin-ajax.php
- command: action=nf_fu_get_new_nonce&field_id={{field_id}}
- command: action=nf_fu_upload
- path: /wp-admin/admin-ajax.php
- other: nfpluginsettings.js?ver=

- Detect nonce-fetching probe: unauthenticated POST to /wp-admin/admin-ajax.php with action=nf_fu_get_new_nonce
- Detect exploit upload attempt: unauthenticated POST to /wp-admin/admin-ajax.php with action=nf_fu_upload and multipart file data
- Successful upload response contains the strings 'data":{"files', 'tmp_name":', and 'new_tmp_key":'; alert on these in admin-ajax.php responses
- Fingerprint vulnerable WordPress installations by presence of 'nfpluginsettings.js' in page body (used by Shodan/FOFA queries)
- Extract plugin version from 'nfpluginsettings.js?ver=<version>' in page source; flag versions <= 3.3.26
- The exploit uses a disguised upload: file is sent with Content-Type image/jpeg and filename 'image.jpg' but a secondary field 'image_jpg' carries a .txt extension; monitor for mismatched MIME/extension in Ninja Forms upload requests
- The exploit is two-stage: first request fetches a nonce via action=nf_fu_get_new_nonce, second request uses that nonce for the actual upload via action=nf_fu_upload; both requests are unauthenticated
- A random large integer is used as both form_id and field_id, meaning detections based on fixed field values will not work; focus on the action parameter values instead
- Version check relies on the ver= query parameter of nfpluginsettings.js in the page source; this fingerprint may be absent on cached or heavily modified WordPress frontends
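The detection bullets above, turned into a small log analyzer: this is an added example, not code from the page, Wiz, or the plugin vendor. It assumes a hypothetical JSON-lines request log from a reverse proxy that records POST parameters, cookies, uploaded-file metadata and a response excerpt (the sample records are constructed), and treats the absence of a `wordpress_logged_in_*` cookie as "unauthenticated".

```python
import json
from datetime import datetime, timedelta

AJAX_PATH = "/wp-admin/admin-ajax.php"
# Response fragments the page lists as markers of a successful nf_fu_upload
SUCCESS_MARKERS = ('data":{"files', 'tmp_name":', 'new_tmp_key":')
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")

# Constructed sample records in a hypothetical proxy log format (not real traffic).
SAMPLE_LOG = r'''
{"ts":"2026-04-07T10:00:00","src":"203.0.113.9","method":"POST","path":"/wp-admin/admin-ajax.php","params":{"action":"nf_fu_get_new_nonce","field_id":"918273645"},"cookies":"","files":[],"resp":"{\"success\":true}"}
{"ts":"2026-04-07T10:00:02","src":"203.0.113.9","method":"POST","path":"/wp-admin/admin-ajax.php","params":{"action":"nf_fu_upload","form_id":"918273645","field_id":"918273645","image_jpg":"notes.txt"},"cookies":"","files":[{"filename":"image.jpg","content_type":"image/jpeg"}],"resp":"{\"data\":{\"files\":[{\"tmp_name\":\"x\",\"new_tmp_key\":\"y\"}]}}"}
{"ts":"2026-04-07T10:05:00","src":"198.51.100.4","method":"POST","path":"/wp-admin/admin-ajax.php","params":{"action":"heartbeat"},"cookies":"wordpress_logged_in_abc=1","files":[],"resp":"{}"}
{"ts":"2026-04-07T10:06:00","src":"198.51.100.4","method":"POST","path":"/wp-admin/admin-ajax.php","params":{"action":"nf_fu_upload","form_id":"3","field_id":"12"},"cookies":"wordpress_logged_in_abc=1","files":[{"filename":"cv.pdf","content_type":"application/pdf"}],"resp":"{}"}
'''

def is_authenticated(cookies):
    # Assumption: a logged-in WordPress session carries a wordpress_logged_in_<hash> cookie
    return "wordpress_logged_in_" in cookies

def mime_mismatch(rec):
    """Upload declared as an image whose secondary 'image_jpg' field names a non-image extension."""
    declared_image = any(f.get("content_type", "").startswith("image/") for f in rec["files"])
    secondary = rec["params"].get("image_jpg", "")
    return bool(declared_image and secondary and not secondary.lower().endswith(IMAGE_EXTS))

def analyze(log_text, window=timedelta(seconds=120)):
    """Return (source_ip, alert_name) tuples; keys on the action value, not on form/field ids."""
    alerts, last_probe = [], {}  # last_probe: src -> time of most recent nonce probe
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = json.loads(line)
        if rec["method"] != "POST" or not rec["path"].endswith(AJAX_PATH):
            continue
        ts, src = datetime.fromisoformat(rec["ts"]), rec["src"]
        action = rec["params"].get("action")
        unauth = not is_authenticated(rec.get("cookies", ""))
        if action == "nf_fu_get_new_nonce" and unauth:
            alerts.append((src, "NONCE_PROBE"))
            last_probe[src] = ts
        elif action == "nf_fu_upload" and unauth and rec["files"]:
            alerts.append((src, "UPLOAD_ATTEMPT"))
            if src in last_probe and ts - last_probe[src] <= window:
                alerts.append((src, "TWO_STAGE_SEQUENCE"))  # nonce fetch then upload
            if mime_mismatch(rec):
                alerts.append((src, "MIME_EXT_MISMATCH"))
            if all(m in rec.get("resp", "") for m in SUCCESS_MARKERS):
                alerts.append((src, "UPLOAD_SUCCESS"))
    return alerts

if __name__ == "__main__":
    for src, name in analyze(SAMPLE_LOG):
        print(f"{src}\t{name}")
```

The authenticated upload from 198.51.100.4 produces no alert, which is the point of keying on the missing session cookie rather than on the action alone.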