CVE-2026-27050
Cross-Site Request Forgery in RealPress β€ 1.1.0 Allows Unauthorized Actions
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thimpress | realpress | to 1.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-27050 is a Cross Site Request Forgery (CSRF) vulnerability found in the WordPress RealPress Plugin versions up to and including 1.1.0.'}, {'type': 'paragraph', 'content': 'This vulnerability allows a malicious actor to trick users with higher privileges into performing unwanted actions while they are authenticated. This can happen if the user clicks a malicious link, visits a crafted webpage, or submits a malicious form.'}, {'type': 'paragraph', 'content': "The attack requires user interaction and targets the plugin's broken access control mechanisms."}] [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a Cross Site Request Forgery (CSRF) issue affecting the WordPress RealPress Plugin up to version 1.1.0. Detection typically involves monitoring for suspicious HTTP requests that attempt to perform unauthorized actions while a privileged user is authenticated.
Since this is a CSRF vulnerability, detection on the network or system level can be challenging because the attack requires user interaction and valid authentication tokens.
No specific detection commands or tools are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include limiting the use of the RealPress plugin to trusted users only and educating privileged users to avoid clicking on suspicious links or visiting untrusted pages while authenticated.
Since no official patch is available as of the report date, consider disabling or removing the RealPress plugin until a patched version is released.
Implement additional security measures such as enabling multi-factor authentication and using web application firewalls (WAF) to help block malicious requests.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to perform unauthorized actions on behalf of a privileged user without their consent.
However, the impact is considered low severity with a CVSS score of 5.4, and exploitation requires the privileged user to interact with malicious content.
Because of these factors, the vulnerability is considered unlikely to be widely exploited.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know