Platform
wordpress
Component
gamipress
Fixed in
7.6.7
CVE-2026-32420 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the GamiPress WordPress plugin. This flaw allows an attacker to potentially trigger unintended actions on a user's account within the plugin, leading to unauthorized modifications or data manipulation. The vulnerability impacts versions of GamiPress from 0.0.0 up to and including 7.6.6. A patch has been released in version 7.6.7.
A successful CSRF attack against GamiPress could allow an attacker to modify user profiles, change plugin settings, or perform other actions as the targeted user. This could result in data corruption, unauthorized access to sensitive information, or even complete control over the affected WordPress site's gamification features. The impact is amplified if the targeted user has administrative privileges within the GamiPress plugin, potentially granting the attacker broader control over the site's functionality. While CSRF typically requires user interaction (e.g., clicking a malicious link), the potential for automated exploitation makes this a significant concern.
CVE-2026-32420 was publicly disclosed on 2026-03-13. No public proof-of-concept (PoC) code has been released at the time of writing, but the CSRF nature of the vulnerability means that exploitation is relatively straightforward once a suitable attack vector is identified. The EPSS score is likely to be assessed as medium, given the ease of exploitation and potential impact. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting GamiPress.
Exploit Status
EPSS
0.02% (4% percentile)
CVSS Vector
The primary mitigation for CVE-2026-32420 is to immediately update the GamiPress plugin to version 7.6.7 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, ensure that all user accounts have strong, unique passwords and that two-factor authentication is enabled where possible. Regularly review WordPress plugin settings and user permissions to identify and address any potential vulnerabilities.
Update to version 7.6.7, or a newer patched version
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-32420 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the GamiPress WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using GamiPress versions 0.0.0 through 7.6.6. Upgrade to 7.6.7 or later to mitigate the risk.
Update the GamiPress plugin to version 7.6.7 or later. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.
While no active exploitation has been confirmed, the CSRF nature of the vulnerability suggests a potential for exploitation. Monitor security advisories.
Refer to the GamiPress official website and WordPress plugin repository for the latest security advisory and update information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.