CVE-2026-22359
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aa-team | wordpress_movies_bulk_importer | From 1.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress Movies Bulk Importer Plugin version 1.0 and earlier. It allows an attacker to trick privileged users into performing unwanted actions while they are authenticated by having them click malicious links, visit crafted pages, or submit forms. The attacker does not need to be authenticated to initiate the attack, but user interaction is required. [1]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized actions being executed on behalf of privileged users without their consent. This could result in changes or manipulations within the WordPress Movies Bulk Importer plugin environment. However, the impact is considered low severity, with a CVSS score of 4.3, and exploitation is considered unlikely in practice because it requires user interaction and is difficult to carry out. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network indicators provided for this vulnerability. Detection would generally involve reviewing if the WordPress Movies Bulk Importer Plugin version 1.0 or earlier is installed and in use, as the vulnerability affects these versions. Since this is a CSRF vulnerability, monitoring for suspicious user interactions or unexpected actions triggered by users might help, but no direct commands or network detection methods are specified. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable WordPress Movies Bulk Importer Plugin version 1.0 or earlier. Since there is no official fix or patched version available, administrators should consider disabling or removing the plugin to prevent exploitation. Additionally, educating users to avoid clicking on suspicious links or visiting untrusted pages while authenticated can reduce risk. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Movies Bulk Importer plugin affects compliance with common standards and regulations such as GDPR or HIPAA.