CVE-2026-9732 | planetshaker EmergencyWP Plugin up to 1.4.2 on WordPress Setting add_cap/remove_cap form_settings_ui cross-site request forgery

Inserito da Angelo Barbosa | Giu 3, 2026 | CVE

A vulnerability described as problematic has been identified in planetshaker EmergencyWP Plugin up to 1.4.2 on WordPress. This issue affects the function form_settings_ui of the file add_cap/remove_cap of the component Setting Handler. Executing a manipulation can lead to cross-site request forgery.

This vulnerability is handled as CVE-2026-9732. The attack can be executed remotely. There is not any exploit available.

CVE-2026-9732 | planetshaker EmergencyWP Plugin up to 1.4.2 on WordPress Setting add_cap/remove_cap form_settings_ui cross-site request forgery

Post correlati

CVE-2025-11939 | ChurchCRM up to 5.18.0 Backup Restore RestoreJob.php restoreFile path traversal

CVE-2024-39027 | SeaCMS up to 12.9 index.php cid sql injection (Issue 17)

CVE-2025-23038 | LabRedesCefetRJ WeGIA up to 3.2.5 remuneracao.php descricao cross site scripting (GHSA-rp2v-7hpw-m6qc)

CVE-2026-23567 | TeamViewer DEX Client up to 26.0 on Windows Content Distribution Service NomadBranch.exe heap-based overflow