CVE Catalog
CVE-2026-57757
HighCVSS 7.1Summary
The pCloud WP Backup plugin version 2.0.2 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick an administrator into performing unintended actions in the WordPress admin panel.
Risk Assessment
The risk involves the possibility of performing unauthorized operations on the administrator account, such as changing backup settings or deleting data, without the victim's knowledge.
Recommendation
It is recommended to immediately update the pCloud WP Backup plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.

