CVE-2026-9732
Deferred Deferred - Pending Action
Cross-Site Request Forgery in EmergencyWP Dead Man's Switch

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: Wordfence

Description
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the form_settings_ui (settings save handler, procedural include scope) function. This makes it possible for unauthenticated attackers to modify plugin settings including the minimum access role (altering WordPress role capabilities via add_cap/remove_cap), the data-erasure-on-uninstall flag, life-check timing values, the mandator email address, the confirmation page ID, and date/time formats via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-23
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2026-9732
EUVD
EUVD-2026-34055
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
emergencywp dead_mans_switch to 1.4.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress has a vulnerability known as Cross-Site Request Forgery (CSRF) in all versions up to and including 1.4.2.

This vulnerability exists because the plugin's form_settings_ui function, which handles saving settings, lacks proper nonce validation. This means attackers can trick a site administrator into performing unintended actions by clicking on a malicious link.

As a result, unauthenticated attackers can modify important plugin settings such as minimum access roles, data-erasure-on-uninstall flags, timing values, email addresses, confirmation page IDs, and date/time formats through forged requests.

Compliance Impact

The vulnerability allows unauthenticated attackers to modify plugin settings by exploiting a Cross-Site Request Forgery (CSRF) flaw, potentially altering WordPress role capabilities and data-erasure settings.

Such unauthorized modifications could impact compliance with standards like GDPR or HIPAA, especially if data-erasure-on-uninstall flags are changed or if access roles are improperly elevated, leading to potential unauthorized data access or retention.

However, the provided information does not explicitly detail the direct effects on compliance with these regulations.

Impact Analysis

This vulnerability can allow attackers to change critical plugin settings without authentication by tricking an administrator into clicking a malicious link.

  • Alteration of WordPress role capabilities, potentially escalating or reducing user permissions.
  • Modification of the data-erasure-on-uninstall flag, which could affect data retention or deletion policies.
  • Changes to life-check timing values, mandator email addresses, confirmation page IDs, and date/time formats, potentially disrupting normal plugin operations.

Overall, this can lead to unauthorized configuration changes that may weaken site security or disrupt expected plugin behavior.

Mitigation Strategies

To mitigate this vulnerability, you should update the EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress to a version later than 1.4.2 where the nonce validation issue is fixed.

Additionally, avoid clicking on suspicious links and ensure that only trusted administrators have access to the WordPress admin area to prevent attackers from exploiting the Cross-Site Request Forgery vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9732. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart