CVE-2026-32456
Cross-Site Request Forgery in Admin Menu Editor
Publication date: 2026-03-13
Last updated on: 2026-03-13
Assigner: Patchstack
Description
CVSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| janis_elsts | admin_menu_editor | From 1.0 (inc) to 1.14.1 (inc) |
| janis_elsts | admin_menu_editor | to 1.14.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-32456 vulnerability, users should update the WordPress Admin Menu Editor Plugin to version 1.15 or later, where the issue has been patched.
Additionally, using automatic update tools such as those offered by Patchstack can provide rapid protection by ensuring vulnerable plugins are updated promptly.
Since the vulnerability requires privileged user interaction, minimizing the number of users with elevated privileges and educating users about the risks of clicking untrusted links can also help reduce the risk.
Can you explain this vulnerability to me?
CVE-2026-32456 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress Admin Menu Editor Plugin versions up to and including 1.14.1.
This vulnerability allows a malicious actor to trick privileged users into executing unwanted actions while authenticated, such as by clicking a malicious link, visiting a crafted page, or submitting a form.
The exploit requires user interaction and targets users with elevated privileges, but it does not require the attacker to be authenticated.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized actions being performed on your WordPress site by tricking privileged users into executing them unknowingly.
Since it targets users with elevated privileges, it could result in changes to the admin menu or other administrative functions without the user's consent.
However, the impact is considered low severity with a CVSS score of 4.3, and exploitation requires user interaction. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know