CVE Catalog

CVE-2026-57655

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

The vulnerability allows an unauthenticated attacker to perform a Cross-Site Request Forgery (CSRF) in the Child Theme Wizard plugin version 1.4 and earlier. The attack can lead to unauthorized changes in the plugin configuration without the administrator's knowledge.

Risk Assessment

The risk involves the possibility of an attacker taking control of child theme settings, which could result in malicious code injection or compromise of site integrity.

Recommendation

Immediately update the Child Theme Wizard plugin to the latest available version that fixes this vulnerability. In the meantime, consider temporarily disabling the plugin.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS