Platform: wordpress
Component: pawfriends
Fixed in: 1.3.1
CVE-2026-22382 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the PawFriends - Pet Shop and Veterinary WordPress Theme. This vulnerability allows an attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to data modification or unauthorized operations. The vulnerability affects versions from 0.0.0 through 1.3. A fix is expected in a future release.
A successful CSRF attack could allow an attacker to perform actions as a logged-in user of the PawFriends WordPress theme. This could include modifying user profiles, creating or deleting content, or performing other administrative tasks depending on the user's privileges. The blast radius is limited to the scope of actions the affected user can perform within the WordPress site. While no immediate exploitation patterns are apparent, CSRF vulnerabilities are often exploited through phishing or malicious websites that trick users into clicking malicious links while logged into the vulnerable site.
CVE-2026-22382 was publicly disclosed on 2026-01-22. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog. The probability of exploitation is considered low due to the lack of public exploits and the relatively simple nature of CSRF attacks, which often rely on social engineering.
Websites using the PawFriends - Pet Shop and Veterinary WordPress Theme, particularly those with users who have administrative privileges, are at risk. Shared hosting environments where multiple websites share the same server resources could also be affected if one site is running a vulnerable version of the theme.
• wordpress / composer / npm:
grep -r 'pawfriends_settings_url' /var/www/html/*
• wordpress / composer / npm:
wp theme list | grep pawfriends
• wordpress / composer / npm:
wp theme update pawfriends
Disclosure
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-22382 is to upgrade to a patched version of the PawFriends WordPress theme when it becomes available. Until a patch is released, consider implementing additional security measures such as adding CSRF tokens to all sensitive forms and actions within the theme. Web Application Firewalls (WAFs) configured to detect and block CSRF attacks can also provide an additional layer of protection. Regularly review user roles and permissions to minimize the potential impact of a successful attack.
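The "add CSRF tokens to sensitive forms" mitigation above maps directly onto WordPress's nonce API. The following is an added illustration, not PawFriends code: a hypothetical theme settings form (action name `pawfriends_demo_save`, option `pawfriends_demo_option`, both assumed) rendered with a nonce and handled by an `admin_post` hook that rejects requests whose nonce or capability check fails.

```php
<?php
// Added example (not from the PawFriends theme). Names with "demo" are assumed.
// A forged cross-site POST cannot carry a valid nonce for this user+action pair,
// so check_admin_referer() stops it before any state changes.

// 1. Render the form with a nonce bound to one specific action.
function pawfriends_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="pawfriends_demo_save">
        <?php wp_nonce_field( 'pawfriends_demo_save', '_pawfriends_nonce' ); ?>
        <label>Setting
            <input type="text" name="pawfriends_demo_option">
        </label>
        <button type="submit">Save</button>
    </form>
    <?php
}

// 2. Handler: verify nonce first, then capability, then sanitize and save.
function pawfriends_demo_save_handler() {
    // Dies with a 403-style "link expired" page if the nonce is missing,
    // stale (older than 24h), or issued for another user or action.
    check_admin_referer( 'pawfriends_demo_save', '_pawfriends_nonce' );

    // A nonce proves intent, not authority: still enforce the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'pawfriends-demo' ), 403 );
    }

    $value = isset( $_POST['pawfriends_demo_option'] )
        ? sanitize_text_field( wp_unslash( $_POST['pawfriends_demo_option'] ) )
        : '';
    update_option( 'pawfriends_demo_option', $value );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'themes.php' ) ) );
    exit;
}
// Only authenticated users reach admin_post_{action}; the nopriv variant is
// deliberately not registered, so anonymous requests never hit the handler.
add_action( 'admin_post_pawfriends_demo_save', 'pawfriends_demo_save_handler' );
```

The same pair (nonce field on the form, `check_admin_referer()` or `wp_verify_nonce()` in the handler) applies to AJAX endpoints via `check_ajax_referer()`, and REST routes get it for free from the `X-WP-Nonce` header when a `permission_callback` is set.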
No patch is known to be available. Please review the vulnerability details in depth and apply mitigations based on your organization's risk tolerance. It may be better to uninstall the affected software and look for a replacement.
CVE-2026-22382 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the PawFriends WordPress theme, allowing attackers to forge requests as authenticated users.
You are affected if your website uses the PawFriends WordPress theme and is running a version between 0.0.0 and 1.3, inclusive.
Upgrade to a patched version of the PawFriends WordPress theme when available. Implement CSRF tokens and WAF rules as temporary mitigations.
There are currently no confirmed reports of active exploitation, but the vulnerability remains a potential risk.
Refer to the Mikado-Themes website and WordPress plugin repository for updates and advisories regarding CVE-2026-22382.