CVE Catalog

CVE-2026-57766

High · CVSS 8.8

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

Versions 3.5.6 and earlier of the WPIDE – File Manager & Code Editor plugin contain an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions in the context of the site administrator.

Risk Assessment

An attacker could cause unwanted operations, such as modifying files or configuration, to be performed without the administrator's knowledge or consent, potentially leading to site takeover.

Recommendation

Update the WPIDE plugin immediately to the latest available version that fixes this vulnerability. Also consider implementing CSRF protection mechanisms such as anti-CSRF tokens.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS