CVE-2026-22483
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teachpress | teachpress | to 9.0.12 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Since no official fix or patched version is currently available for this CSRF vulnerability in the teachPress plugin up to version 9.0.12, immediate mitigation steps include limiting privileged user interactions with untrusted links or pages, educating users about the risk of clicking suspicious links, and considering disabling or removing the vulnerable plugin until a patch is released. [1]
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the winkm89 teachPress plugin, which allows attackers to perform unauthorized actions on behalf of an authenticated user without their consent.
How can this vulnerability impact me? :
An attacker exploiting this CSRF vulnerability could trick an authenticated user into executing unwanted actions, potentially leading to unauthorized changes or data manipulation within the teachPress plugin environment.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this Cross-Site Request Forgery (CSRF) vulnerability in the teachPress plugin affects compliance with common standards and regulations such as GDPR or HIPAA.