CVE-2026-57766
Severity: High (CVSS 8.8)
Exploitation Probability (EPSS): Low risk, 4th percentile (higher than 4% of all known CVEs)
Summary
The WPIDE – File Manager & Code Editor plugin, versions 3.5.6 and earlier, contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions in the context of the site administrator.
Risk Assessment
The risk involves the possibility of an attacker performing unwanted operations, such as modifying files or configuration, without the administrator's knowledge or consent, potentially leading to site takeover.
Recommendation
It is recommended to immediately update the WPIDE plugin to the latest available version that fixes this vulnerability. Also consider implementing CSRF protection mechanisms such as anti-CSRF tokens.
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions.

