CVE Catalog

CVE-2026-57761

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The SEOWP plugin version 3.12.2 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick an administrator into performing unintended actions without their knowledge.

Risk Assessment

The risk involves the possibility of executing unauthorized operations in the context of an administrator session, which could lead to modification of plugin settings or injection of malicious code.

Recommendation

It is recommended to immediately update the SEOWP plugin to the latest available version that fixes this vulnerability. Also consider implementing CSRF protection mechanisms such as anti-CSRF tokens.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS