The Sertifier Certificate & Badge Maker plugin for WordPress contains a vulnerability due to insufficient nonce validation on its 'sertifier_settings' page. This flaw enables unauthenticated attackers to execute unauthorized actions, such as updating the plugin's API key, by tricking a site administrator into clicking a malicious link. It's critical for users to secure their installations and apply necessary updates to safeguard against such potential exploits.
https://securityvulnerability.io/vulner ... -2025-7841