CVE-2026-22360
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22360 is a Cross Site Request Forgery (CSRF) vulnerability in the WordPress SearchAzon Plugin versions up to and including 1.4. It allows an attacker to trick higher privileged users into executing unwanted actions while authenticated by having them click a malicious link, visit a crafted page, or submit a form. Exploitation requires user interaction but no authentication is needed to initiate the attack. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized actions being performed on behalf of authenticated users with higher privileges, potentially compromising the integrity of the affected system. However, it is considered low severity with a CVSS score of 4.3 and is unlikely to be exploited with significant impact. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official fix is currently available for this vulnerability, immediate mitigation steps include avoiding clicking on suspicious links or visiting untrusted pages while authenticated in the SearchAzon plugin environment. Additionally, limit user privileges to reduce risk, and monitor for unusual user actions. Applying general CSRF protections such as using anti-CSRF tokens in forms and ensuring proper access controls can help mitigate risk until a patch is released. [1]