WordPress teachPress Plugin <= 9.0.12 - Cross-Site Request Forgery (CSRF) Vulnerability
Platform
wordpress
Component
teachpress
Fixed in
9.0.13
CVE-2026-22483 is a Cross-Site Request Forgery (CSRF) vulnerability in the teachPress WordPress plugin. An attacker who lures a logged-in user to an attacker-controlled page can make that user's browser submit a state-changing request to the plugin, which then performs the action with the user's privileges; the result is unauthorized modification or deletion of plugin data. All teachPress releases up to and including 9.0.12 (listed as 0.0.0 through 9.0.12) are affected, and version 9.0.13 contains the fix.
Impact and attack scenarios
A successful CSRF attack lets the attacker perform teachPress actions, such as changing settings or deleting content, with the privileges of the logged-in victim: the forged request is sent by the victim's own browser and carries their session cookies, so the plugin treats it as the victim's request. The impact therefore scales with the victim's privileges. An administrator who is tricked exposes the plugin's full configuration and its publication data to modification or deletion, which in practice means defaced or missing content rather than data theft (the CVSS vector below rates integrity and availability impact as low and confidentiality impact as none). The attack needs social engineering, since the victim must visit an attacker-controlled page while holding a valid login session, but once that happens the request itself is trivial to forge and nothing in the vulnerable versions ties it to a page the site actually served.
Exploitation context
CVE-2026-22483 was publicly disclosed on 2026-01-22. There is no indication of active exploitation campaigns targeting this vulnerability at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score reflects the potential impact and the relatively low complexity of exploiting CSRF vulnerabilities.
Who is at risk
Any site running teachPress 9.0.12 or earlier is affected. The accounts that matter are those allowed to perform teachPress actions (administrators and editors holding the relevant capabilities): the attack only succeeds when such a user opens an attacker-controlled page in a browser that still holds a valid WordPress login session for the site, so sites with many privileged users, or privileged users who stay logged in while browsing elsewhere, carry the most exposure.
Detection steps
• wordpress / composer / npm: grep -r 'teachPress/teachpress' /var/www/html/wp-content/plugins/ (this string is a Composer-style package name and will not appear in a plugin installed from wordpress.org; on such an install check the plugin header instead: grep -ril 'Plugin Name: teachPress' /var/www/html/wp-content/plugins/ and then grep -i '^[ *]*Version:' /var/www/html/wp-content/plugins/teachpress/teachpress.php, path assumed)
• wordpress / composer / npm: wp plugin list | grep -i teachpress (the WP-CLI slug is lowercase, so a case-sensitive grep for teachPress finds nothing)
• wordpress / composer / npm (remediation, not detection): wp plugin update teachpress
• generic web: check for unexpected changes in teachPress plugin settings or data that could indicate unauthorized access.
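The version check behind the steps above, written as an added example in PHP (not code from the advisory or the teachPress project): it reads the Version: header the way WordPress's own plugin loader does and compares it with version_compare(). The sample header is constructed and the wp-content path in the comment is an assumed default install location.

```php
<?php
// Added example, not from the advisory or the teachPress project: read the
// "Version:" header of a plugin's main file and compare it to the fixed release.
// The sample header below is constructed; the wp-content path in the comment
// is an assumed default install location.

const TP_FIXED_VERSION = '9.0.13';

/**
 * Extract the value of the "Version:" header from plugin source. The regex
 * mirrors how WordPress reads file headers: optional comment punctuation,
 * the key, then the value on the same line. Returns null when absent.
 */
function tp_header_version( string $source ): ?string {
    if ( preg_match( '/^[ \t\/*#@]*Version:[ \t]*(\S+)/mi', $source, $m ) ) {
        return $m[1];
    }
    return null;
}

/**
 * True when $version predates the fix. version_compare() orders dotted
 * versions numerically and treats pre-release suffixes such as 9.0.13-beta1
 * as older than 9.0.13, i.e. still vulnerable.
 */
function tp_is_vulnerable( string $version ): bool {
    return version_compare( $version, TP_FIXED_VERSION, '<' );
}

/** One-line verdict for a plugin main file. */
function tp_check_plugin_file( string $path ): string {
    $source = @file_get_contents( $path );
    if ( $source === false ) {
        return "$path: cannot read file";
    }
    $version = tp_header_version( $source );
    if ( $version === null ) {
        return "$path: no Version header found";
    }
    return tp_is_vulnerable( $version )
        ? "$path: teachPress $version is vulnerable to CVE-2026-22483 (fixed in " . TP_FIXED_VERSION . ')'
        : "$path: teachPress $version is at or above " . TP_FIXED_VERSION;
}

// On a live host (assumed default path):
//   php tp_check.php /var/www/html/wp-content/plugins/teachpress/teachpress.php
// With no argument, run against a constructed header to show the output shape.
if ( isset( $argv[1] ) ) {
    echo tp_check_plugin_file( $argv[1] ), PHP_EOL;
} else {
    $sample = "<?php\n/*\nPlugin Name: teachPress\nVersion: 9.0.12\n*/\n";
    $tmp    = tempnam( sys_get_temp_dir(), 'tp' );
    file_put_contents( $tmp, $sample );
    echo tp_check_plugin_file( $tmp ), PHP_EOL;
    unlink( $tmp );
}
```

The header is what wp plugin list reports, so the two checks should agree; if they disagree, the plugin directory has been edited by hand or a copy is installed under a different folder name, and the grep over all plugin headers above is the way to find it.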
Attack timeline
- Disclosure: 2026-01-22
Threat intelligence
Exploit status
No known exploitation; no public proof of concept; not listed in CISA KEV
EPSS
0.01% (0th percentile)
CVSS vector
The metrics listed correspond to the vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L, which scores 5.4 (Medium) under CVSS 3.x.
- Attack Vector: Network. Exploitable remotely over the Internet; no physical or local access required.
- Attack Complexity: Low. No special conditions; reliably exploitable.
- Privileges Required: None. The attacker needs no account on the site; it is the victim who must be logged in.
- User Interaction: Required. The victim must open a file, click a link, or visit a page.
- Scope: Unchanged. Impact is confined to the vulnerable component.
- Confidentiality: None. No confidentiality impact.
- Integrity: Low. The attacker can change some data within a limited scope.
- Availability: Low. Partial or intermittent denial of service.
Affected software
Package information
- Active installations: 2K (known)
- Plugin rating: 4.8
- WordPress required: 3.9+
- Compatible up to: 6.9.4
- PHP required: 7.4+
Weakness classification (CWE)
CWE-352: Cross-Site Request Forgery (CSRF)
Mitigation and workarounds
The only real fix for CVE-2026-22483 is to upgrade teachPress to 9.0.13 or later. If the upgrade must wait for testing, be clear about what does and does not help. A Content Security Policy on the target site does not stop CSRF: the forged request originates from a page on the attacker's origin, where the target's CSP is not in effect. Setting the SameSite attribute on the WordPress authentication cookies (Lax or Strict) stops browsers that honor it from attaching the session to cross-site POST requests and is a reasonable interim control; WordPress does not set it by default, so it needs server or plugin configuration, and Lax still lets a top-level GET navigation carry cookies, so any state-changing GET endpoint stays exposed. A web application firewall or security plugin that enforces an Origin or Referer check on requests to admin-post.php and admin-ajax.php is a comparable stopgap. None of these replaces the nonce and capability checks in the request handler that the patched release provides. Reduce the blast radius by reviewing who holds the capabilities that teachPress actions require and applying least privilege, and by having privileged users log out, or use a separate browser profile for administration, until the upgrade is done. After upgrading, verify the fix by replaying a state-changing teachPress request from an authenticated session with the nonce parameter (by default _wpnonce) removed or altered and confirming that the plugin rejects it: a failed check_admin_referer() produces a 403 "The link you followed has expired" page, and a failed check_ajax_referer() a -1 response.
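The pattern the fix has to enforce, shown as an added, hypothetical WordPress admin-post handler (not teachPress's code; the action name tp_example_delete, the option key tp_example_items and every tp_example_* function name are invented for illustration): the unprotected handler beside the hardened one, plus the form that issues the matching nonce.

```php
<?php
// Added example, hypothetical handler, not teachPress code. Action name,
// option key and tp_example_* names are invented. Assumes a WordPress runtime.

/** Storage helper shared by both handlers: drop one entry from an option array. */
function tp_example_delete_item( int $id ): void {
    $items = get_option( 'tp_example_items', array() );
    unset( $items[ $id ] );
    update_option( 'tp_example_items', $items );
}

/*
 * Vulnerable pattern. Any logged-in user who visits an attacker page that
 * auto-submits a form to admin-post.php?action=tp_example_delete has the
 * delete executed with their cookies: nothing here ties the request to a page
 * this site served to this user, and nothing checks what they may do.
 */
function tp_example_delete_unprotected(): void {
    $id = isset( $_POST['item_id'] ) ? (int) $_POST['item_id'] : 0;
    tp_example_delete_item( $id );
    wp_safe_redirect( admin_url( 'admin.php?page=tp_example' ) );
    exit;
}

/*
 * Hardened pattern. First require a nonce issued to this user for this action,
 * then check the capability. Neither alone is enough: the nonce proves the
 * request came from a page the site rendered for this user, the capability
 * check proves the user is allowed to do this at all.
 */
function tp_example_delete_protected(): void {
    // Dies with a 403 "The link you followed has expired" page when the nonce
    // is missing, stale, or was issued for another user or another action.
    check_admin_referer( 'tp_example_delete' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    $id = isset( $_POST['item_id'] ) ? absint( $_POST['item_id'] ) : 0;
    tp_example_delete_item( $id );
    wp_safe_redirect( admin_url( 'admin.php?page=tp_example' ) );
    exit;
}
add_action( 'admin_post_tp_example_delete', 'tp_example_delete_protected' );

/*
 * The legitimate form must embed the nonce for the same action name; a form
 * built by an attacker on another origin cannot obtain a valid one, so the
 * hardened handler rejects it.
 */
function tp_example_delete_form( int $id ): void {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="tp_example_delete">
        <input type="hidden" name="item_id" value="<?php echo (int) $id; ?>">
        <?php wp_nonce_field( 'tp_example_delete' ); ?>
        <button type="submit">Delete</button>
    </form>
    <?php
}
```

For AJAX endpoints the same shape applies with check_ajax_referer() in place of check_admin_referer(); a handler that does only the capability check is still CSRF-vulnerable, because the forged request already carries a capable user's session.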
How to fix
Update to version 9.0.13, or a newer patched release
Frequently asked questions
What is CVE-2026-22483 — CSRF in teachPress?
CVE-2026-22483 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the teachPress WordPress plugin, allowing attackers to perform unauthorized actions.
Am I affected by CVE-2026-22483 in teachPress?
You are affected if you are using teachPress versions 0.0.0 through 9.0.12. Upgrade to 9.0.13 or later to resolve the vulnerability.
How do I fix CVE-2026-22483 in teachPress?
Upgrade the teachPress plugin to version 9.0.13 or later. A Content Security Policy does not protect against CSRF; if the upgrade must be delayed, use SameSite authentication cookies or Origin/Referer enforcement as an interim measure and limit who holds the privileges the plugin's actions require.
Is CVE-2026-22483 being actively exploited?
There is currently no indication of active exploitation campaigns targeting CVE-2026-22483.
Where can I find the official teachPress advisory for CVE-2026-22483?
Refer to the teachPress plugin documentation or website for the official advisory regarding CVE-2026-22483.