CVE-2026-22382
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-27

Assigner: Patchstack

Description
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-27
Generated
2026-05-07
AI Q&A
2026-01-22
EPSS Evaluated
2026-05-05
NVD
CVE-2026-22382
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mikado-themes pawfriends From 1.0 (inc) to 1.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-22382 is a Cross Site Request Forgery (CSRF) vulnerability in the PawFriends - Pet Shop and Veterinary WordPress Theme (versions up to 1.3). It allows an attacker to trick privileged users into performing unwanted actions while they are authenticated by having them click a malicious link, visit a crafted page, or submit a form. The attacker does not need to be authenticated, but the attack requires the privileged user's interaction. [1]


How can this vulnerability impact me? :

This vulnerability can lead to unauthorized actions being performed on behalf of privileged users without their consent. Although the severity is considered low (CVSS 5.4), it could allow attackers to manipulate site settings or content if a privileged user is tricked into interacting with malicious content. However, it is unlikely to be widely exploited and poses a low-impact threat. [1]


What immediate steps should I take to mitigate this vulnerability?

Since no official fix or patched version is currently available for this CSRF vulnerability in the PawFriends WordPress theme, immediate mitigation steps include limiting privileged user interactions with untrusted links or pages, educating users about the risk of clicking unknown links, and implementing additional security controls such as web application firewalls or CSRF protection plugins to reduce risk. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart