A vulnerability, which was classified as problematic , has been found in tierrainnovation AJAX Report Comments Plugin up to 2.0.4 on WordPress. This impacts the function rc_options_page of the file /failure/already-reported of the component Setting Handler . This manipulation causes cross-site request forgery. This vulnerability appears as CVE-2026-8902 . The attack may be initiated remotely. There is no available exploit.