Platform
wordpress
Component
teachpress
Fixed version
9.0.13
CVE-2026-22483 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the teachPress WordPress plugin. This vulnerability allows an attacker to trick a logged-in user into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions within the plugin. The vulnerability impacts versions 0.0.0 through 9.0.12 of the teachPress plugin, and a fix is available in version 9.0.13.
A successful CSRF attack could allow an attacker to modify settings, delete content, or perform other administrative actions within the teachPress plugin as the logged-in user. The impact is directly proportional to the privileges of the user being targeted. For example, if an administrator is tricked into performing an action, the attacker could gain full control over the plugin's configuration and potentially the associated data. This could lead to data breaches, website defacement, or denial of service. While CSRF typically requires social engineering to trick a user into clicking a malicious link, the potential impact can be significant, especially in environments with shared hosting or where user awareness is low.
CVE-2026-22483 was publicly disclosed on 2026-01-22. There is no indication of active exploitation campaigns targeting this vulnerability at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score reflects the potential impact and the relatively low complexity of exploiting CSRF vulnerabilities.
Websites using the teachPress plugin, particularly those with shared hosting environments or where users are not adequately trained on security best practices, are at risk. Administrators and users with elevated privileges within the teachPress plugin are especially vulnerable to exploitation.
• wordpress / composer / npm: locate the plugin on disk by its WordPress plugin header
grep -ril 'Plugin Name: teachPress' /var/www/html/wp-content/plugins/
• wordpress / composer / npm: list the installed plugin and its version (the slug is lowercase, so match case-insensitively)
wp plugin list | grep -i teachpress
• wordpress / composer / npm: update to the fixed version
wp plugin update teachpress
• generic web: Check for unexpected changes in teachPress plugin settings or data that could indicate unauthorized access.
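As an added example that is not part of the advisory, the following shell script reads the version from the plugin's main-file header and compares it with the fixed version 9.0.13 in dotted-version order, which avoids the string-comparison mistake where 9.0.9 sorts above 9.0.13. It assumes the plugin directory is named teachpress with a main file teachpress.php (the slug used by wp-cli above) and defaults PLUGINS_DIR to the standard WordPress path.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether the installed teachPress
# copy is at or above the fixed version 9.0.13 by reading the "Version:" header
# that WordPress itself parses from the plugin's main file.
# Assumptions: plugin directory "teachpress" with main file "teachpress.php";
# PLUGINS_DIR defaults to the standard WordPress plugin path.

FIXED_VERSION="9.0.13"
PLUGINS_DIR="${PLUGINS_DIR:-/var/www/html/wp-content/plugins}"

# Print the version from the plugin header (e.g. " * Version: 9.0.12").
# Returns 1 when the plugin or its Version header is missing.
teachpress_installed_version() {
    main_file="$1/teachpress/teachpress.php"
    [ -f "$main_file" ] || return 1
    hv="$(sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$main_file" | head -n 1)"
    [ -n "$hv" ] && printf '%s\n' "$hv"
}

# True when $1 >= $2 in dotted-version order (9.0.13 sorts above 9.0.9, unlike string order).
version_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Verdict for the install under $1: exit 0 = fixed, 1 = affected, 2 = not found.
check_teachpress() {
    v="$(teachpress_installed_version "$1")" || { echo "teachPress not found under $1"; return 2; }
    if version_at_least "$v" "$FIXED_VERSION"; then
        echo "teachPress $v: fixed (>= $FIXED_VERSION)"
        return 0
    fi
    echo "teachPress $v: affected by CVE-2026-22483, update to $FIXED_VERSION or later"
    return 1
}

# On a real host run: check_teachpress "$PLUGINS_DIR"
# Stand-alone demo on a constructed plugin header, not a real install.
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/teachpress"
printf '<?php\n/**\n * Plugin Name: teachPress\n * Version: 9.0.12\n */\n' > "$demo_dir/teachpress/teachpress.php"
check_teachpress "$demo_dir" || true
rm -rf "$demo_dir"
```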
disclosure
Exploitation status
EPSS
0.01% (0th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-22483 is to upgrade the teachPress plugin to version 9.0.13 or later. If an immediate upgrade is not possible due to compatibility issues or testing requirements, consider implementing a Content Security Policy (CSP) to restrict the sources from which the browser can load resources. Additionally, using a WordPress security plugin with CSRF protection can provide an extra layer of defense. Regularly review user permissions and implement the principle of least privilege to minimize the impact of a potential compromise. After upgrading, verify the fix by attempting to trigger a CSRF request through a separate browser session and confirming that the action is blocked or requires authentication.
Update to version 9.0.13 or a later fixed version.
CVE-2026-22483 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the teachPress WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using teachPress versions 0.0.0 through 9.0.12. Upgrade to 9.0.13 or later to resolve the vulnerability.
Upgrade the teachPress plugin to version 9.0.13 or later. Consider implementing a Content Security Policy (CSP) as an additional layer of protection.
There is currently no indication of active exploitation campaigns targeting CVE-2026-22483.
Refer to the teachPress plugin documentation or website for the official advisory regarding CVE-2026-22483.