{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27050", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-17T13:23:30.505Z", "datePublished": "2026-02-19T08:27:09.603Z", "dateUpdated": "2026-04-28T16:14:59.935Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "realpress", "product": "RealPress", "vendor": "ThimPress", "versions": [{"changes": [{"at": "1.1.1", "status": "unaffected"}], "lessThanOrEqual": "1.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "hhhai | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:10.842Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.<p>This issue affects RealPress: from n/a through <= 1.1.0.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:59.935Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/realpress/vulnerability/wordpress-realpress-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "title": "WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T19:08:56.059761Z", "id": "CVE-2026-27050", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T15:50:35.162Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27050", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T19:08:56.059761Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T19:08:46.870Z"}}], "cna": {"title": "WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "hhhai | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ThimPress", "product": "RealPress", "versions": [{"status": "affected", "changes": [{"at": "1.1.1", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.1.0"}], "packageName": "realpress", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-28T13:26:53.232Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/realpress/vulnerability/wordpress-realpress-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0.", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.<p>This issue affects RealPress: from n/a through <= 1.1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T12:10:50.716Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27050", "state": "PUBLISHED", "dateUpdated": "2026-04-28T15:50:35.162Z", "dateReserved": "2026-02-17T13:23:30.505Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-19T08:27:09.603Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en ThimPress RealPress realpress permite falsificaci\u00f3n de petici\u00f3n en sitios cruzados. Este problema afecta a RealPress: desde n/d hasta &lt;= 1.1.0."}], "id": "CVE-2026-27050", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-19T09:16:26.387", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/realpress/vulnerability/wordpress-realpress-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "realpress", "vendor": "thimpress"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-16T00:09:20.412743+00:00", "value": {"mitigation_remediation": ["Upgrade the RealPress plugin to a version newer than 1.1.0, as the latest releases address the CSRF issue.", "If an immediate upgrade is not feasible, disable the RealPress plugin or remove the vulnerable endpoints until an update can be applied.", "Implement or verify that the plugin\u2019s state\u2011changing actions include a nonce or token for CSRF protection, and consider restricting sensitive actions to administrator\u2011only roles as an additional safeguard."], "summary": {"action": "Apply Patch", "impact": "CSRF that could allow an attacker to perform authorized actions on a WordPress site using the RealPress plugin"}, "threat_synthesis": {"affected_systems": "All installations of the RealPress plugin version 1.1.0 or earlier, distributed by ThimPress, are affected. The flaw resides in the plugin\u2019s handling of state\u2011changing requests without proper CSRF protection.", "description_and_impact": "The RealPress plugin for WordPress contains a Cross\u2011Site Request Forgery flaw that permits a malicious actor to persuade an authenticated visitor to issue privileged requests. By exploiting this vulnerability the attacker could alter site content, update settings, or perform any action that the logged\u2011in user is permitted to execute, thereby impacting the integrity and potentially the availability of the site.", "risk_and_exploitability": "The CVSS base score of 5.4 denotes a medium severity weakness. EPSS shows a very low exploitation probability of less than 1%, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the victim to be authenticated to the WordPress site and to click or submit a crafted link or form that submits data to the vulnerable endpoint. While it does not allow remote code execution, an attacker who succeeds can manipulate content or configuration in a way that affects confidentiality, integrity, and availability of the affected site."}}}}, "created": "2026-02-20T10:08:07.654484+00:00", "updated": "2026-04-16T00:15:18.638774+00:00", "vendors": ["thimpress", "thimpress$PRODUCT$realpress", "wordpress", "wordpress$PRODUCT$wordpress"]}