CVE Catalog

CVE-2026-56024

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

The WP EasyPay WordPress plugin contains a CSRF vulnerability that allows an attacker to perform unauthorized actions on behalf of a logged-in administrator. The flaw affects all versions up to and including 4.5.0.

Risk Assessment

An attacker can exploit CSRF to modify plugin settings, inject fake transactions, or steal data, compromising system integrity and confidentiality.

Recommendation

Immediately update the WP EasyPay plugin to the latest available version that fixes this vulnerability. Also implement CSRF token mechanisms in all forms.

Original NVD description (English source)

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.5.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS