CVE-2026-57761 HIGH

CVE-2026-57761: WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability

Vendor: Blueastralthemes
Product: SEOWP
Weakness: CWE-352 · CSRF
Published: July 2, 2026
Last update: July 2, 2026

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Unauthenticated Cross-Site Request Forgery (CSRF) in SEOWP versions <= 3.12.2.

Explanation of Vulnerability in Simple Terms

02 Summary

SEOWP versions up to 3.12.2 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of a logged-in user. The vulnerability requires the user to visit a malicious page while authenticated. An attacker can modify site settings, create content, or change configurations without the user's knowledge.

What an attacker can do

03 Attacker Capabilities

Perform unauthorized actions on the site (change settings, create content) on behalf of a logged-in user.

Potential impact on your site

04 Site Impact

Site settings, content, or user accounts could be modified by attackers without your knowledge or consent.

Conditions required to exploit

05 Prerequisites

A logged-in site user must visit an attacker-controlled page or click a malicious link.

Key dates

06 Disclosure timeline

July 2, 2026: CVE published
July 2, 2026: Record updated
