Platform
wordpress
Component
related-posts-thumbnails
Fixed in
4.3.3
CVE-2026-24596 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Related Posts Thumbnails Plugin for WordPress. This flaw allows an attacker to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions of content. The vulnerability affects versions from 0.0.0 up to and including 4.3.2, and a patch is available in version 4.3.3.
A successful CSRF attack could allow an attacker to modify plugin settings, add or delete related posts, or potentially compromise other functionalities exposed by the plugin. This could result in defacement of the website, unauthorized content publication, or even data loss. The impact is amplified if the plugin is used on high-traffic sites or sites with sensitive content, as a wider audience could be targeted. While the vulnerability requires user interaction (clicking a malicious link or visiting a crafted page), the ease of crafting such attacks makes it a significant risk.
This vulnerability was publicly disclosed on January 23, 2026. No public proof-of-concept (PoC) code has been identified at the time of writing, but the CSRF nature of the vulnerability makes it relatively easy to exploit. The EPSS score is likely to be medium, reflecting the ease of exploitation and potential impact. Monitor WordPress security forums and vulnerability databases for any emerging exploitation attempts.
Websites using the Related Posts Thumbnails Plugin, particularly those with a large user base or handling sensitive data, are at risk. Shared hosting environments where plugin updates are managed centrally are also at increased risk, as they may be slower to apply security patches.
• wordpress / composer / npm:
grep -r 'marynix/related-posts-thumbnails' /var/www/html/
wp plugin list | grep related-posts-thumbnails
• generic web:
curl -I "https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=related_posts_thumbnail_action&nonce=malicious_nonce"
Exploit Status
EPSS
0.01% (percentile 1%)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade the Related Posts Thumbnails Plugin to version 4.3.3 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a temporary workaround by adding nonce validation to all sensitive plugin actions. This can help prevent unauthorized requests. Additionally, implement a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Regularly review WordPress plugin security best practices and ensure all plugins are kept up to date.
Update to version 4.3.3, or a more recent fixed version
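The nonce-validation workaround above is the standard WordPress defence against CSRF: a state-changing admin action must require both a capability check and a nonce bound to the current user and action. The following is an added example, not code from the Related Posts Thumbnails plugin, showing the vulnerable pattern (a handler that acts on any POST that reaches it) beside the hardened form. The option name `rpt_example_settings`, the action names `rpt_example_save` / `rpt_example_refresh` and the field names are assumptions for illustration.

```php
<?php
// Added example, not the plugin's own code. Hypothetical option name
// "rpt_example_settings" and actions "rpt_example_save" / "rpt_example_refresh".

// --- Vulnerable pattern: no capability check, no nonce ---------------------
// Any logged-in administrator who loads a third-party page containing an
// auto-submitting form aimed at admin-post.php?action=rpt_example_save would
// have the option overwritten without consenting to it.
function rpt_example_save_settings_vulnerable() {
    $settings = array(
        'thumb_width'  => (int) $_POST['thumb_width'],
        'thumb_height' => (int) $_POST['thumb_height'],
    );
    update_option( 'rpt_example_settings', $settings );
    wp_safe_redirect( admin_url( 'options-general.php?page=rpt-example' ) );
    exit;
}

// --- Hardened pattern -------------------------------------------------------
// 1. The settings form embeds a nonce tied to the action "rpt_example_save".
function rpt_example_render_form() {
    $current = get_option( 'rpt_example_settings', array( 'thumb_width' => 150, 'thumb_height' => 150 ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'rpt_example_save', 'rpt_example_nonce' ); ?>
        <input type="hidden" name="action" value="rpt_example_save">
        <label>Width  <input type="number" name="thumb_width"  value="<?php echo esc_attr( $current['thumb_width'] ); ?>"></label>
        <label>Height <input type="number" name="thumb_height" value="<?php echo esc_attr( $current['thumb_height'] ); ?>"></label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// 2. The handler refuses the request unless the user is authorised AND the
//    nonce matches. check_admin_referer() terminates with a 403 on failure.
function rpt_example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'rpt-example' ), 403 );
    }
    check_admin_referer( 'rpt_example_save', 'rpt_example_nonce' );

    // 3. Sanitise before persisting; a nonce proves intent, not valid input.
    $settings = array(
        'thumb_width'  => max( 1, absint( $_POST['thumb_width']  ?? 0 ) ),
        'thumb_height' => max( 1, absint( $_POST['thumb_height'] ?? 0 ) ),
    );
    update_option( 'rpt_example_settings', $settings );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=rpt-example' ) ) );
    exit;
}
add_action( 'admin_post_rpt_example_save', 'rpt_example_save_settings' );

// The same rule applies to admin-ajax.php endpoints: check_ajax_referer()
// validates a nonce sent as the "nonce" request parameter and dies on failure.
function rpt_example_ajax_refresh() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'rpt_example_refresh', 'nonce' );
    delete_transient( 'rpt_example_cache' );
    wp_send_json_success( 'cache cleared' );
}
add_action( 'wp_ajax_rpt_example_refresh', 'rpt_example_ajax_refresh' );
```

The capability check and the nonce check are complementary: `current_user_can()` decides who may perform the action, while the nonce establishes that the request originated from a form or script the site itself issued to that user, which is what a cross-site request cannot supply. A handler that performs only one of the two remains exploitable, so an audit of a plugin for this class of bug should confirm that every `admin_post_*`, `wp_ajax_*` and `admin_init`-driven write path calls one of `check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()` before touching options or content.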
CVE-2026-24596 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Related Posts Thumbnails Plugin for WordPress, allowing attackers to perform unauthorized actions.
Yes. If you are using the Related Posts Thumbnails Plugin for WordPress in any version from 0.0.0 through 4.3.2, you are affected by this vulnerability.
Upgrade the plugin to version 4.3.3 or later to resolve the vulnerability. Consider temporary workarounds like nonce validation if immediate upgrade is not possible.
While no public exploits are currently known, the CSRF nature of the vulnerability suggests potential for exploitation, so vigilance is advised.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.