CVE-2026-6292

Severity: MEDIUM · EPSS 7.3%
Published Jun 24, 2026 · Modified Jun 24, 2026
CVSS 3.1 base score 4.3 (Medium)

Description

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is due to a completely broken nonce validation in the enter_mpclp_login_options() function, which contains an inverted check (if wp_verify_nonce(...) { return false; }) and is missing the required action parameter for wp_verify_nonce(). As a result, the nonce check is effectively dead code: it never blocks malicious requests, because wp_verify_nonce() returns false for the empty or invalid nonce a CSRF request supplies, and that false result satisfies the inverted condition, so execution continues. Furthermore, the settings-update handler is hooked on init without any capability check. This makes it possible for unauthenticated attackers to modify all plugin settings, including login page background, logo URL, image dimensions, button colors, and login message, by tricking a logged-in administrator into submitting a crafted request.
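To make the three defects concrete (inverted nonce check, missing nonce action, init hook with no capability check), the PHP below is an added illustration and not the plugin's own code; it places the broken pattern the description names beside a hardened handler. The option key, nonce action string, form field names and hook names are assumptions chosen for this example.

```php
<?php
// Added illustration, not code from the plugin. Option key, nonce action,
// field names and hook names are assumptions made for this example.

// BROKEN pattern as the advisory describes it: runs on init (for every
// request, authenticated or not), has no capability check, calls
// wp_verify_nonce() without the action the nonce was created for, and
// inverts the result, so a failed verification lets execution continue.
function insecure_enter_mpclp_login_options() {
    if ( ! isset( $_POST['mpclp_submit'] ) ) {
        return;
    }
    if ( wp_verify_nonce( $_POST['_wpnonce'] ?? '' ) ) { // no action argument
        return false; // only reached when the nonce verifies; dead code for a forged request
    }
    update_option( 'mpclp_login_options', wp_unslash( $_POST['mpclp_options'] ?? array() ) );
}
add_action( 'init', 'insecure_enter_mpclp_login_options' );

// HARDENED handler: admin-post endpoint, capability check, nonce bound to a
// named action and verified in the normal (non-inverted) direction, and
// per-field sanitization before the option is written.
function secure_mpclp_save_login_options() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // Verifies the nonce for this action and field name; dies on failure.
    check_admin_referer( 'mpclp_save_login_options', 'mpclp_nonce' );

    $raw   = isset( $_POST['mpclp_options'] ) ? wp_unslash( $_POST['mpclp_options'] ) : array();
    $clean = array(
        'logo_url'     => esc_url_raw( $raw['logo_url'] ?? '' ),
        'logo_width'   => absint( $raw['logo_width'] ?? 0 ),
        'button_color' => sanitize_hex_color( $raw['button_color'] ?? '' ),
        'message'      => wp_kses_post( $raw['message'] ?? '' ),
    );
    update_option( 'mpclp_login_options', $clean );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php' ) ) );
    exit;
}
add_action( 'admin_post_mpclp_save_login_options', 'secure_mpclp_save_login_options' );

// Settings form: route to admin-post.php and emit the matching nonce field.
function mpclp_render_form_security_fields() {
    echo '<input type="hidden" name="action" value="mpclp_save_login_options">';
    wp_nonce_field( 'mpclp_save_login_options', 'mpclp_nonce' );
}
```

The hardened form closes both gaps at once: a forged request from a non-administrator fails the capability check, and a request that lacks the action-bound nonce is rejected before update_option() runs.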

CVSS Details

Base Score
4.3
Exploitability
2.8
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
7.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

References 5

  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/mp-customize-login-page/tags/1.0/class.mp-customize-login-page.php#L103
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/mp-customize-login-page/tags/1.0/class.mp-customize-login-page.php#L13
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/mp-customize-login-page/trunk/class.mp-customize-login-page.php#L103
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/mp-customize-login-page/trunk/class.mp-customize-login-page.php#L13
  • wordfence.com https://www.wordfence.com/threat-intel/vulnerabilities/id/b9216875-8cb6-45a7-b23b-19d13f8b49dc?source=cve

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.