CVE-2026-57655
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
The vulnerability allows an unauthenticated attacker to perform a Cross-Site Request Forgery (CSRF) in the Child Theme Wizard plugin version 1.4 and earlier. The attack can lead to unauthorized changes in the plugin configuration without the administrator's knowledge.
Risk Assessment
The risk involves the possibility of an attacker taking control of child theme settings, which could result in malicious code injection or compromise of site integrity.
Recommendation
Immediately update the Child Theme Wizard plugin to the latest available version that fixes this vulnerability. In the meantime, consider temporarily disabling the plugin.
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.

