CVE-2026-32420
Received Received - Intake
Cross-Site Request Forgery in GamiPress ≀ 7.6.6 Plugin

Publication date: 2026-03-13

Last updated on: 2026-03-13

Assigner: Patchstack

Description
Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through <= 7.6.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32420
EUVD
EUVD-2026-11945
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ruben_garcia gamiress to 7.6.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32420 is a Cross Site Request Forgery (CSRF) vulnerability affecting the WordPress GamiPress Plugin versions up to and including 7.6.6.

This vulnerability allows a malicious actor to trick higher privileged users into executing unwanted actions while authenticated, by means such as clicking a crafted link, visiting a malicious page, or submitting a form.

Exploitation requires user interaction and a privileged user’s involvement.

It is classified under OWASP Top 10 A1: Broken Access Control, with a CVSS score of 5.4, indicating low severity and low priority.

Impact Analysis

This vulnerability can impact you by allowing an attacker to perform unwanted actions on your behalf if you are a privileged user and interact with malicious content.

Such actions could potentially alter settings or data within the GamiPress plugin without your consent.

However, the risk is considered low because exploitation requires user interaction and privileged user involvement.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is a Cross Site Request Forgery (CSRF) issue affecting the GamiPress WordPress plugin versions up to 7.6.6. Detection typically involves monitoring for suspicious user actions or crafted requests that could trigger unwanted actions while a privileged user is authenticated.'}, {'type': 'paragraph', 'content': "Since exploitation requires user interaction and a privileged user's involvement, network detection might focus on identifying unusual HTTP requests or suspicious referrers targeting the GamiPress plugin endpoints."}, {'type': 'paragraph', 'content': 'There are no specific commands provided in the available resources to detect this vulnerability directly on your system or network.'}] [1]

Mitigation Strategies

The primary mitigation step is to update the GamiPress WordPress plugin to version 7.6.7 or later, where this CSRF vulnerability has been patched.

Additionally, users are advised to apply automated updates and vulnerability mitigation tools such as those provided by Patchstack to reduce risk.

Since exploitation requires user interaction, educating privileged users about the risks of clicking on suspicious links or visiting untrusted pages can also help mitigate potential attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32420. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart