A vulnerability, which was classified as problematic , was found in jay_patel Remove Yellow BGBOX Plugin up to 1.0 on WordPress. Affected is the function rybb_api_settings of the component Setting Handler . Such manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2026-8424 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.