CVE-2026-32420
Cross-Site Request Forgery in GamiPress ≤ 7.6.6 Plugin
Publication date: 2026-03-13
Last updated on: 2026-03-13
Assigner: Patchstack
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruben_garcia | gamipress | up to and including 7.6.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32420 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress GamiPress plugin, versions up to and including 7.6.6.
This vulnerability allows a malicious actor to trick higher-privileged users into executing unwanted actions while authenticated, for example by clicking a crafted link, visiting a malicious page, or submitting a form.
Exploitation requires user interaction and a privileged user's involvement.
It is classified under OWASP Top 10 A1: Broken Access Control, with a CVSS score of 5.4, indicating low severity and low priority.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to perform unwanted actions on your behalf if you are a privileged user and interact with malicious content.
Such actions could potentially alter settings or data within the GamiPress plugin without your consent.
However, the risk is considered low because exploitation requires user interaction and privileged user involvement.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue affecting the GamiPress WordPress plugin versions up to 7.6.6. Detection typically involves monitoring for suspicious user actions or crafted requests that could trigger unwanted actions while a privileged user is authenticated.
Since exploitation requires user interaction and a privileged user's involvement, network detection might focus on identifying unusual HTTP requests or suspicious referrers targeting the GamiPress plugin endpoints.
There are no specific commands provided in the available resources to detect this vulnerability directly on your system or network. [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the GamiPress WordPress plugin to version 7.6.7 or later, where this CSRF vulnerability has been patched.
Additionally, users are advised to apply automated updates and vulnerability mitigation tools such as those provided by Patchstack to reduce risk.
Since exploitation requires user interaction, educating privileged users about the risks of clicking on suspicious links or visiting untrusted pages can also help mitigate potential attacks.