A vulnerability categorized as problematic has been discovered in russellr Tectite Forms Plugin up to 1.3 on WordPress. Impacted is the function admin_init of the component Setting Handler . Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2026-9599 . It is possible to launch the attack remotely. No exploit is available.