What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End hide-admin-bar-from-front-end allows Cross-Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through <= 1.0.0.
Explanation of Vulnerability in Simple Terms
02 Summary
The Hide Admin Bar From Front End plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability in versions up to 1.0.0. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on the site without the admin's knowledge or consent. The vulnerability requires user interaction—the admin must click the malicious link or visit a compromised page.
What an attacker can do
03 Attacker Capabilities
Perform unwanted actions on the site by tricking a logged-in admin into clicking a malicious link.
Potential impact on your site
04 Site Impact
An attacker can modify site settings or perform administrative actions without your permission if you click a malicious link while logged in.
Conditions required to exploit
05 Prerequisites
A logged-in WordPress administrator must visit a page or click a link controlled by the attacker.
Key dates
06 Disclosure timeline
June 27, 2025: CVE published
April 28, 2026: Record updated