CVE-2026-9732
Cross-Site Request Forgery in EmergencyWP Dead Man's Switch
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| emergencywp | dead_mans_switch | up to and including 1.4.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Update the EmergencyWP – Dead Man's Switch & Legacy Deliverance plugin for WordPress to a version later than 1.4.2 in which the missing nonce validation on the settings save path is fixed (check the plugin changelog for the exact release).
Until the update is applied, administrators should not follow untrusted links while logged in to the WordPress admin, because the forged request is submitted with the administrator's own session cookie. Limiting the administrator role to trusted users shrinks the set of people an attacker can target, but it does not by itself block a Cross-Site Request Forgery attack, since the victim is a legitimate administrator.
Can you explain this vulnerability to me?
The EmergencyWP – Dead Man's Switch & Legacy Deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.4.2.
The flaw is in the plugin's form_settings_ui function, which handles saving the plugin settings but does not validate a nonce. Without that check the handler cannot tell whether a settings-save request was submitted from the plugin's own settings form or from a page under an attacker's control, so an attacker who gets a logged-in administrator to visit a malicious page (for example by following a link) can have the administrator's browser submit the save request.
As a result, an unauthenticated attacker can, through such a forged request, modify plugin settings including the minimum access roles, the data-erasure-on-uninstall flag, the life-check timing values, the mandator email addresses, the confirmation page IDs, and the date/time formats.
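The pattern described above (a WordPress settings handler that trusts any POST reaching it) and the fix recommended in the mitigation answer (a nonce check on the save path), shown side by side as an added example. This is not code from the EmergencyWP plugin: the function names ewp_save_settings_vulnerable, ewp_save_settings_fixed, ewp_write_settings and ewp_render_settings_form, the option keys, the field names and the nonce action 'ewp_save_settings' are all hypothetical. The WordPress API calls (check_admin_referer, wp_nonce_field, current_user_can, update_option, admin_url and the sanitisation helpers) are real.

```php
<?php
// Added example, not EmergencyWP's own code. All ewp_* names, option keys
// and field names are hypothetical; the WordPress functions are real.

// Shared write path used by both handlers, so the only difference between
// the vulnerable and the fixed version is the origin check.
function ewp_write_settings( array $src ) {
    update_option( 'ewp_min_role',            sanitize_text_field( wp_unslash( $src['min_role'] ?? '' ) ) );
    update_option( 'ewp_erase_on_uninstall',  ! empty( $src['erase_on_uninstall'] ) ? 1 : 0 );
    update_option( 'ewp_check_interval_days', absint( $src['check_interval_days'] ?? 0 ) );
    update_option( 'ewp_mandator_email',      sanitize_email( wp_unslash( $src['mandator_email'] ?? '' ) ) );
    update_option( 'ewp_confirm_page_id',     absint( $src['confirm_page_id'] ?? 0 ) );
    update_option( 'ewp_datetime_format',     sanitize_text_field( wp_unslash( $src['datetime_format'] ?? '' ) ) );
}

// VULNERABLE (CWE-352): the capability check only proves the browser belongs
// to an administrator; nothing proves the administrator meant to send this
// request. An attacker's page can carry a hidden <form method="post"
// action="https://victim-site/wp-admin/admin-post.php"> with the fields above
// plus action=ewp_save_settings_vulnerable and auto-submit it. Because the
// browser attaches the administrator's session cookie, every update_option
// below runs with attacker-chosen values.
function ewp_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    ewp_write_settings( $_POST );
    wp_safe_redirect( admin_url( 'admin.php?page=ewp-settings&saved=1' ) );
    exit;
}

// FIXED: the settings form embeds a nonce tied to this user and this action.
function ewp_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="ewp_save_settings_fixed">
        <?php wp_nonce_field( 'ewp_save_settings', 'ewp_nonce' ); ?>
        <p><label>Minimum role <input type="text" name="min_role"
            value="<?php echo esc_attr( get_option( 'ewp_min_role', 'administrator' ) ); ?>"></label></p>
        <p><label><input type="checkbox" name="erase_on_uninstall" value="1"
            <?php checked( 1, (int) get_option( 'ewp_erase_on_uninstall', 0 ) ); ?>> Erase data on uninstall</label></p>
        <p><label>Life-check interval (days) <input type="number" name="check_interval_days"
            value="<?php echo esc_attr( get_option( 'ewp_check_interval_days', 30 ) ); ?>"></label></p>
        <p><label>Mandator email <input type="email" name="mandator_email"
            value="<?php echo esc_attr( get_option( 'ewp_mandator_email', '' ) ); ?>"></label></p>
        <p><label>Confirmation page ID <input type="number" name="confirm_page_id"
            value="<?php echo esc_attr( get_option( 'ewp_confirm_page_id', 0 ) ); ?>"></label></p>
        <p><label>Date/time format <input type="text" name="datetime_format"
            value="<?php echo esc_attr( get_option( 'ewp_datetime_format', 'Y-m-d H:i' ) ); ?>"></label></p>
        <?php submit_button( 'Save settings' ); ?>
    </form>
    <?php
}

// The handler refuses any request whose 'ewp_nonce' field does not hold a
// valid nonce for action 'ewp_save_settings'. check_admin_referer() stops
// the request with a "link has expired" page on failure; wp_verify_nonce()
// is the non-terminating alternative if you want to handle the failure
// yourself. A cross-origin attacker page cannot read the nonce, so it cannot
// build a request that passes this check. The capability check stays: a
// nonce proves intent, not authorisation.
function ewp_save_settings_fixed() {
    check_admin_referer( 'ewp_save_settings', 'ewp_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    ewp_write_settings( $_POST );
    wp_safe_redirect( admin_url( 'admin.php?page=ewp-settings&saved=1' ) );
    exit;
}

add_action( 'admin_post_ewp_save_settings_vulnerable', 'ewp_save_settings_vulnerable' );
add_action( 'admin_post_ewp_save_settings_fixed',      'ewp_save_settings_fixed' );
```

A quick check when reviewing a plugin for this class of bug: every admin-post, admin-ajax or options-page save callback should pair a `current_user_can()` test with `check_admin_referer()` or `wp_verify_nonce()`, and the corresponding form should emit the matching `wp_nonce_field()`. A handler with only the capability check is exactly the pattern this CVE describes.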
How can this vulnerability impact me?
This vulnerability lets an attacker change critical plugin settings without authenticating, by tricking a logged-in administrator into visiting a malicious page or link. The possible effects include:
- Changes to the plugin's minimum access role settings, widening or narrowing which WordPress users can operate the plugin.
- Modification of the data-erasure-on-uninstall flag, which changes whether plugin data is kept or deleted when the plugin is removed.
- Changes to the life-check timing values, mandator email addresses, confirmation page IDs, and date/time formats, which can disrupt the plugin's normal operation (for example by altering when or to whom the dead man's switch triggers).
Overall, this can lead to unauthorized configuration changes that weaken site security or disrupt expected plugin behavior.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an unauthenticated attacker to modify plugin settings through a Cross-Site Request Forgery (CSRF) flaw, including the plugin's minimum access roles and its data-erasure-on-uninstall setting.
Such unauthorized modifications could affect compliance with standards like GDPR or HIPAA, in particular if the data-erasure-on-uninstall flag is changed or the access roles are loosened, since either could lead to unauthorized data access or to data being retained or deleted contrary to policy.
However, the available information does not describe any direct effect on compliance with these regulations.