What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction simple-page-access-restriction allows Cross Site Request Forgery.This issue affects Simple Page Access Restriction: from n/a through <= 1.0.32.
Explanation of Vulnerability in Simple Terms
02Summary
Simple Page Access Restriction versions up to 1.0.32 contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unauthorized actions on the plugin's settings or protected pages. The vulnerability requires the victim to click the link or visit the attacker's page.
What an attacker can do
03Attacker Capabilities
Perform unauthorized actions on the plugin by tricking an admin into clicking a malicious link.
Potential impact on your site
04Site Impact
Plugin settings or page access restrictions could be modified without your knowledge or consent.
Conditions required to exploit
05Prerequisites
Site admin must be logged in and visit attacker-controlled page or click a malicious link.
Key dates
06Disclosure timeline
August 27, 2025
CVE published
May 12, 2026
Record updated