CVE-2026-12158: WordPress Plugin Missing CSRF Protection Enables Admin Escalation — Casky — Casky