Platform
wordpress
Component
movies-importer
Fixed in
1.0.1
CVE-2026-22359 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the AA-Team Wordpress Movies Bulk Importer plugin. This vulnerability allows an attacker to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions of movie data. The vulnerability affects versions of the plugin up to and including 1.0. A fix is pending release from the vendor.
A successful CSRF attack could allow an attacker to manipulate the Movies Bulk Importer plugin without the user's knowledge or consent. This could involve adding malicious movie entries, modifying existing movie details (e.g., changing ratings, descriptions, or links), or even deleting legitimate movie data. The impact is amplified if the plugin is used in a high-traffic website or if it integrates with other critical systems. While the direct impact is limited to the plugin's functionality, a compromised plugin could be a stepping stone for further attacks on the WordPress site itself, particularly if other vulnerabilities exist.
CVE-2026-22359 was publicly disclosed on 2026-01-22. There are currently no known public proof-of-concept exploits available. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
Websites utilizing the AA-Team Wordpress Movies Bulk Importer plugin, particularly those with a large user base or that handle sensitive movie data, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r 'AA-Team Movies Bulk Importer' /var/www/html/
wp plugin list | grep 'Movies Bulk Importer'
• generic web:
curl -I 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=movies_bulk_importer_action&param=malicious_param' | grep -i 'csrf token'
Disclosure
Exploit status
EPSS
0.01% (0th percentile)
CISA SSVC
CVSS vector
As a fix is not yet available, immediate mitigation strategies are crucial. Implement strict input validation on all user-supplied data within the plugin to prevent malicious payloads. Consider using a Web Application Firewall (WAF) with CSRF protection rules to block suspicious requests. Additionally, enforce strong password policies and encourage users to enable two-factor authentication on their WordPress accounts. Regularly review and audit plugin configurations to identify any potential weaknesses. Once a patched version is released, upgrade immediately and verify the fix by attempting a CSRF attack using a known payload.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
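As an added illustration (not code from the AA-Team plugin, whose internals this advisory does not show), the snippet below places an admin-ajax handler that accepts any request from a logged-in browser beside the WordPress-idiomatic hardened form that checks a nonce, a capability and the input. The hook names, the mbi_* functions and the 'movie' post type are hypothetical.

```php
<?php
// Added example, not the AA-Team plugin's code. Hook names, mbi_* functions and the
// 'movie' post type are hypothetical; the two handlers are registered under different
// actions only so both can sit in one file.

// --- Vulnerable pattern: processes any request carrying a logged-in user's cookies ---
add_action( 'wp_ajax_mbi_import_unsafe', 'mbi_import_movie_unsafe' );
function mbi_import_movie_unsafe() {
    // No nonce and no capability check: a POST originating from a third-party page
    // but sent by an editor's browser is indistinguishable from a legitimate one.
    $title = $_POST['title'];
    wp_insert_post( array( 'post_type' => 'movie', 'post_title' => $title, 'post_status' => 'publish' ) );
    wp_send_json_success();
}

// --- Hardened pattern ---
// 1. The admin form that originates the request embeds a nonce bound to the user's session.
function mbi_render_import_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-ajax.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="mbi_import">';
    wp_nonce_field( 'mbi_import', 'mbi_nonce' );
    echo '<input name="title"><button type="submit">Import</button></form>';
}

add_action( 'wp_ajax_mbi_import', 'mbi_import_movie_safe' );
function mbi_import_movie_safe() {
    // 2. CSRF check: dies with HTTP 403 when the nonce is missing, stale or forged.
    check_ajax_referer( 'mbi_import', 'mbi_nonce' );
    // 3. Authorization: being logged in is not enough; require the relevant capability.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 4. Input handling: unslash and sanitize before the value reaches the database.
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    if ( '' === $title ) {
        wp_send_json_error( 'missing title', 400 );
    }
    $id = wp_insert_post( array(
        'post_type'   => 'movie',
        'post_title'  => $title,
        'post_status' => 'publish',
    ), true );
    if ( is_wp_error( $id ) ) {
        wp_send_json_error( $id->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'id' => $id ) );
}
```

A WAF rule can only approximate this; the nonce and capability checks belong in the handler itself, which is what a vendor fix for this class of bug would add.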
CVE-2026-22359 is a Cross-Site Request Forgery vulnerability affecting the AA-Team Wordpress Movies Bulk Importer plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using the AA-Team Wordpress Movies Bulk Importer plugin in versions up to and including 1.0.
Upgrade to a patched version of the plugin when available. Until then, implement input validation and consider using a WAF with CSRF protection.
There are currently no known active exploits for CVE-2026-22359, but it's crucial to apply mitigations proactively.
Check the AA-Team website and the WordPress plugin repository for updates and advisories related to CVE-2026-22359.