CVE-2026-57786
purethemes · WorkScout-Core
A Cross-Site Request Forgery (CSRF) vulnerability in the WorkScout-Core WordPress plugin enables an attacker to perform unauthorized actions, potentially leading to authentication bypass.
Executive summary
A Cross-Site Request Forgery (CSRF) vulnerability in the purethemes WorkScout-Core plugin allows attackers to manipulate administrative actions, leading to potential authentication bypass.
Vulnerability
This is a CSRF vulnerability (CWE-352) that allows an attacker to trick an authenticated user into performing unintended actions. When combined with the plugin's functionality, this can lead to an effective authentication bypass, granting the attacker unauthorized access.
Business impact
The CVSS score of 8.8 reflects the high risk of this vulnerability. By forcing an administrator or privileged user to execute malicious requests, an attacker can gain unauthorized administrative access, modify site configurations, or inject malicious content, causing significant reputational and operational damage.
Remediation
Immediate Action: Immediately deactivate or uninstall the WorkScout-Core plugin until a security update is released that implements proper CSRF protection (e.g., nonces).
Proactive Monitoring: Review administrative audit logs for suspicious activity or unauthorized account changes that occur without clear administrative intent.
Compensating Controls: Ensure all administrative sessions are protected and consider using a WAF that inspects and validates the integrity of state-changing requests to prevent CSRF.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the high CVSS score and the potential for complete authentication bypass, this vulnerability poses a severe risk to site security. Administrators should prioritize the deactivation of the plugin and monitor vendor channels for an official patch.