Platform: wordpress
Component: searchazon
Fixed in: 1.4.1
CVE-2026-22360 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the SearchAzon WordPress plugin. This vulnerability allows an attacker to potentially perform unauthorized actions on a user's account if that user is tricked into clicking a malicious link. The vulnerability impacts versions of SearchAzon from 0.0.0 through 1.4. A patch is expected to be released by the vendor.
A successful CSRF attack could allow an attacker to modify settings, add or remove products, or perform other actions as the logged-in user without their knowledge or consent. This could lead to data corruption, unauthorized changes to the website’s functionality, or even account takeover. The impact is particularly severe if the website administrator account is targeted, as this could grant the attacker full control over the WordPress site. While CSRF attacks typically require social engineering to trick a user into clicking a malicious link, the ease of exploitation makes this a significant risk, especially for sites with a large user base.
CVE-2026-22360 was publicly disclosed on January 22, 2026. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog at this time. Given the relatively low CVSS score and lack of public exploits, the immediate exploitation probability is considered low, but proactive mitigation is still recommended.
Websites using the SearchAzon plugin, particularly those with user accounts and sensitive data, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a vulnerability in one site could potentially be exploited to compromise others.
• wordpress / composer / npm:
  grep -r 'searchazon.com/api/' /var/www/html/wp-content/plugins/
• generic web:
  curl -I https://your-wordpress-site.com/ | grep -i 'csrf-token'
Exploit status
EPSS: 0.02% (4th percentile)
The primary mitigation for CVE-2026-22360 is to upgrade to a patched version of the SearchAzon plugin as soon as it becomes available. Until the patch is released, consider implementing additional security measures such as enabling CSRF protection in WordPress itself (if not already enabled) and using a Web Application Firewall (WAF) that can detect and block CSRF attacks. Carefully review any plugin updates or changes before applying them to minimize the risk of introducing new vulnerabilities. Monitor website logs for suspicious activity that might indicate a CSRF attempt.
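One way to do the log review mentioned above, as an added example that is not part of the original advisory or the plugin's code: it flags state-changing requests under /wp-admin/ whose Referer is missing or points at another host. The combined log format, the host name example.test and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Combined Log Format: ip - user [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: state-changing WordPress admin requests arrive under /wp-admin/.
ADMIN_PREFIX = "/wp-admin/"
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}


def find_cross_origin_admin_requests(lines, site_host):
    """Return parsed entries for admin writes whose Referer is not site_host."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not combined-format entries
        if m["method"] not in STATE_CHANGING or not m["path"].startswith(ADMIN_PREFIX):
            continue
        referer = m["referer"]
        ref_host = urlparse(referer).hostname if referer not in ("", "-") else None
        if ref_host == site_host.lower():
            continue  # same-origin form submission, expected
        reason = "missing referer" if ref_host is None else f"foreign referer {ref_host}"
        findings.append({"time": m["time"], "ip": m["ip"], "path": m["path"],
                         "status": int(m["status"]), "reason": reason})
    return findings


# Constructed sample log lines (not from a real site).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jan/2026:10:00:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://example.test/wp-admin/admin.php?page=settings" "Mozilla/5.0"',
    '203.0.113.5 - - [22/Jan/2026:10:03:17 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://promo.example.net/offer.html" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Jan/2026:10:04:40 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [22/Jan/2026:10:05:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 42 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_cross_origin_admin_requests(SAMPLE_LOG, "example.test"):
        print(f'{f["time"]} {f["ip"]} {f["path"]} -> {f["reason"]}')
```

A missing Referer also occurs with privacy extensions or a strict Referrer-Policy, so treat these hits as leads to correlate with settings changes rather than as confirmed CSRF.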
No available fix is known. Please review the vulnerability details in depth and apply mitigations based on your organization's risk tolerance. It may be better to uninstall the affected software and find a replacement.
CVE-2026-22360 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 0.0.0–1.4 of the SearchAzon WordPress plugin, allowing attackers to perform unauthorized actions.
If you are using SearchAzon WordPress plugin versions 0.0.0 through 1.4, you are potentially affected by this vulnerability.
Upgrade to a patched version of the SearchAzon plugin as soon as it becomes available. Until then, consider enabling CSRF protection and using a WAF.
Currently, there are no publicly known active exploitation campaigns targeting CVE-2026-22360, but proactive mitigation is still recommended.
Check the AA-Team website and the WordPress plugin repository for updates and advisories related to CVE-2026-22360.