A vulnerability labeled as problematic has been found in jamesmuga Remove NoFollow Commenter URL Plugin up to 1.0 on WordPress. The impacted element is the function gmz_comment_settings_save of the component Setting Handler . The manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2026-9730 . The attack can be launched remotely. No exploit exists.