A vulnerability has been found in F4 Post Tree Plugin up to 2.0.4 on WordPress and classified as critical . The impacted element is an unknown function of the component AJAX Action Handler . Performing a manipulation results in missing authorization. This vulnerability is identified as CVE-2026-9676 . The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.