CVE-2026-3772
Received Received - Intake
Cross-Site Request Forgery in WP Editor Plugin

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: Wordfence

Description
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitrary plugin and theme PHP files with attacker-controlled code via a forged request, granted they can trick a site administrator into performing an action such as clicking a link.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3772
EUVD
EUVD-2026-26497
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wp_editor wp_editor to 1.2.9.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability affects the WP Editor plugin for WordPress versions up to and including 1.2.9.2, due to missing nonce verification allowing Cross-Site Request Forgery (CSRF). Detection involves identifying if the vulnerable plugin version is installed and checking for unauthorized modifications to plugin or theme PHP files.

To detect the presence of the vulnerable WP Editor plugin version, you can check the installed plugin version via WordPress CLI:

  • wp plugin list | grep wp-editor

If the version is 1.2.9.2 or earlier, the site is vulnerable. To detect potential exploitation, you can look for unexpected changes in plugin or theme PHP files. For example, using git or file integrity monitoring tools to detect recent changes.

You can also search web server logs for suspicious POST requests to the plugin's add_plugins_page or add_themes_page endpoints that might indicate CSRF attempts.

Example commands to check for modified PHP files in the plugin or theme directories (assuming standard WordPress paths):

  • find wp-content/plugins/wp-editor -name '*.php' -exec stat -c '%y %n' {} + | sort -r
  • find wp-content/themes -name '*.php' -exec stat -c '%y %n' {} + | sort -r

Additionally, monitoring for unexpected admin actions or unusual user activity might help detect exploitation attempts.

Executive Summary

The WP Editor plugin for WordPress has a vulnerability known as Cross-Site Request Forgery (CSRF) in all versions up to and including 1.2.9.2. This vulnerability exists because the plugin's 'add_plugins_page' and 'add_themes_page' functions lack nonce verification, which is a security measure to confirm the legitimacy of requests.

Due to this missing verification, an attacker can trick a site administrator into performing an action unknowingly, such as clicking a malicious link. This allows the attacker to overwrite arbitrary plugin and theme PHP files with their own malicious code.

Impact Analysis

This vulnerability can have severe impacts because it allows an unauthenticated attacker to execute arbitrary code on your WordPress site by overwriting plugin and theme files.

  • Compromise of site integrity and security.
  • Potential full site takeover by attackers.
  • Loss of data confidentiality, integrity, and availability.
  • Possible defacement or malicious content injection.
Mitigation Strategies

To mitigate this vulnerability, you should update the WP Editor plugin to a version later than 1.2.9.2 where the nonce verification issue is fixed.

Additionally, avoid clicking on suspicious links that could trigger forged requests, especially if you have administrative privileges on the WordPress site.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3772. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart