Platform: wordpress
Component: inquiry-cart
Fixed in: 3.4.3
A Cross-Site Request Forgery (CSRF) vulnerability exists within the Inquiry Cart plugin for WordPress, affecting versions up to and including 3.4.2. This flaw allows unauthenticated attackers to manipulate plugin settings through forged requests, potentially leading to the injection and execution of malicious scripts within the WordPress admin area. Promptly updating to a patched version is crucial to address this security risk.
The primary impact of this CSRF vulnerability is that an attacker who holds no account on the site can change the Inquiry Cart plugin's configuration: the forged request is issued by an administrator's own browser, carrying the administrator's session, after the administrator is tricked into clicking a link or visiting an attacker-controlled page. In this way an attacker can inject arbitrary scripts into the plugin's settings. Those scripts are then executed whenever an administrator opens the plugin's admin interface, potentially leading to account compromise, data theft, or further malicious activity on the WordPress site. The blast radius extends to any sensitive data handled by the Inquiry Cart plugin, since injected scripts could be used to exfiltrate or modify that information. Like other CSRF issues, exploitation requires user interaction to trigger the attack.
CVE-2026-4090 was publicly disclosed on 2026-04-21. There are currently no known public proof-of-concept exploits available. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
Exploit status
EPSS: 0.01% (3rd percentile)
CISA SSVC
CVSS vector
The immediate mitigation for CVE-2026-4090 is to upgrade the Inquiry Cart plugin to a version that addresses the CSRF vulnerability. The vendor has not yet released a fixed version, so monitor their website for updates. As a temporary workaround, deploy strict Content Security Policy (CSP) headers that restrict inline scripts and external resources; this limits what an injected script can do in the admin area but does not by itself prevent the forged settings change. Additionally, consider a WordPress security plugin that provides CSRF protection for plugins. Regularly review plugin settings and user permissions to identify unauthorized changes. After upgrading, verify the plugin's settings and functionality to confirm proper operation.
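For reference, the server-side pattern that closes this class of CSRF in a WordPress plugin settings form is shown below as an added example; it is not the Inquiry Cart plugin's own code, and the option, action, text-domain and field names (`example_cart_*`) are hypothetical placeholders. The form is bound to a nonce, the handler verifies the nonce and the caller's capability before writing, and the stored value is sanitized on write and escaped on output so it cannot become script in the admin UI.

```php
<?php
// Added example of a CSRF-resistant WordPress settings handler.
// Hypothetical names: 'example_cart_settings' (option), 'example_cart_save' (action).

// 1. Render the form. wp_nonce_field() binds this form to the current user's
//    session and to the 'example_cart_save' action.
function example_cart_render_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example-cart' ) );
    }
    $settings = get_option( 'example_cart_settings', array( 'button_label' => '' ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_cart_save">
        <?php wp_nonce_field( 'example_cart_save', 'example_cart_nonce' ); ?>
        <label>Button label
            <input type="text" name="button_label"
                   value="<?php echo esc_attr( $settings['button_label'] ); ?>">
        </label>
        <?php submit_button(); ?>
    </form>
    <?php
}

// 2. Handle the POST. admin_post_* only fires for logged-in users, but a logged-in
//    administrator can still be made to submit a forged cross-site form, so the
//    nonce check and the capability check are what actually stop CSRF.
function example_cart_save_settings() {
    // Dies with HTTP 403 if the nonce is missing, expired, or was issued for a
    // different user or action.
    check_admin_referer( 'example_cart_save', 'example_cart_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example-cart' ), '', array( 'response' => 403 ) );
    }

    // Sanitize on write so the stored setting can never carry markup or script.
    $label = isset( $_POST['button_label'] )
        ? sanitize_text_field( wp_unslash( $_POST['button_label'] ) )
        : '';
    update_option( 'example_cart_settings', array( 'button_label' => $label ) );

    wp_safe_redirect( add_query_arg( 'settings-updated', 'true', admin_url( 'options-general.php?page=example-cart' ) ) );
    exit;
}
add_action( 'admin_post_example_cart_save', 'example_cart_save_settings' );
```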
No known patch is available. Review the details of the vulnerability carefully and apply mitigations based on your organization's risk appetite. It may be best to uninstall the affected software and find an alternative.
CVE-2026-4090 is a Cross-Site Request Forgery (XSRF) vulnerability affecting the Inquiry Cart WordPress plugin versions up to 3.4.2. It allows attackers to manipulate plugin settings via forged requests.
Yes, if you are using the Inquiry Cart plugin in WordPress and are running version 3.4.2 or earlier, you are vulnerable to this XSRF attack.
Upgrade the Inquiry Cart plugin to the latest version that addresses this vulnerability. If immediate upgrade is not possible, implement a WAF with XSRF protection.
While no widespread exploitation has been reported, the vulnerability's nature makes it easily exploitable, so active exploitation is possible.
Check the Inquiry Cart plugin's official website and WordPress plugin repository for the latest security updates and advisories related to CVE-2026-4090.