{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1032", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-16T02:49:02.440Z", "datePublished": "2026-03-26T13:26:06.519Z", "dateUpdated": "2026-04-08T17:03:20.048Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:03:20.048Z"}, "affected": [{"vendor": "themifyme", "product": "Conditional Menus", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4cf85d-6105-4f7d-b4a0-18a3513a93a8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/conditional-menus/tags/1.2.6/init.php#L190"}, {"url": "https://plugins.trac.wordpress.org/browser/conditional-menus/tags/1.2.6/init.php#L183"}, {"url": "https://plugins.trac.wordpress.org/changeset/3463814/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Daniel Basta"}], "timeline": [{"time": "2026-02-04T04:23:19.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-25T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:35:00.315987Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:51:15.456Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:35:00.315987Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:47:55.604Z"}}], "cna": {"title": "Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update", "credits": [{"lang": "en", "type": "finder", "value": "Daniel Basta"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "themifyme", "product": "Conditional Menus", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.2.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-04T04:23:19.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-03-25T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4cf85d-6105-4f7d-b4a0-18a3513a93a8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/conditional-menus/tags/1.2.6/init.php#L190"}, {"url": "https://plugins.trac.wordpress.org/browser/conditional-menus/tags/1.2.6/init.php#L183"}, {"url": "https://plugins.trac.wordpress.org/changeset/3463814/"}], "descriptions": [{"lang": "en", "value": "The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-26T13:26:06.519Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1032", "state": "PUBLISHED", "dateUpdated": "2026-03-26T17:51:15.456Z", "dateReserved": "2026-01-16T02:49:02.440Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-26T13:26:06.519Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin Conditional Menus para WordPress es vulnerable a la falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 1.2.6, inclusive. Esto se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n 'save_options'. Esto hace posible que atacantes no autenticados modifiquen las asignaciones de men\u00fas condicionales a trav\u00e9s de una petici\u00f3n falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2026-1032", "lastModified": "2026-04-24T16:35:20.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-26T14:16:08.507", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/conditional-menus/tags/1.2.6/init.php#L183"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/conditional-menus/tags/1.2.6/init.php#L190"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3463814/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4cf85d-6105-4f7d-b4a0-18a3513a93a8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.2.6]"}}], "enrichment": {"confidence": 96.0, "confidence_source": "matching", "scores": [{"score": 96.0, "source": "matching"}]}, "original": {"product": "Conditional Menus", "source": "cna", "vendor": "themifyme"}, "product": "conditional_menus", "vendor": "themify"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-26T15:02:48.246770+00:00", "value": {"mitigation_remediation": ["Update the Conditional Menus plugin to a version newer than 1.2.6", "If an update is not immediately possible, deactivate or remove the plugin", "Verify that the plugin files match the signed version from the author", "Educate site administrators about the risk of clicking unknown links or URLs", "Continuously monitor menu configuration for unauthorized changes"], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011Site Request Forgery allowing menu assignment tampering"}, "threat_synthesis": {"affected_systems": "WordPress sites using the Conditional Menus plugin by themifyme, versions up to and including 1.2.6 are vulnerable. No other product or version is listed as affected.", "description_and_impact": "The Conditional Menus plugin for WordPress suffers from a missing nonce validation in its save_options function. This flaw permits an unauthenticated attacker to forge a request that will change the assignment of conditional menus when a site administrator is tricked into clicking a malicious link. The resulting impact is unauthorized modification of menu structures, which can confuse users or redirect traffic to unintended destinations, compromising the site\u2019s navigation integrity.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity. Exploitation requires a social\u2011engineering precondition\u2014an administrator clicking a crafted URL\u2014so it is not a remote code execution but depends on user interaction. The EPSS score is not available and the issue is not listed in CISA\u2019s KEV catalog, suggesting limited known exploitation activity at present. Nonetheless, the described attack vector remains actionable and should be treated with caution."}}}}, "created": "2026-03-27T08:34:17.718583+00:00", "updated": "2026-03-27T09:26:45.838259+00:00", "vendors": ["themify", "themify$PRODUCT$conditional_menus", "wordpress", "wordpress$PRODUCT$wordpress"]}