Kenta Companion 1.3.3: Malicious Actions Can Be Forced

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.3

Kenta Companion 1.3.3: Malicious Actions Can Be Forced

CVE-2026-27090

Summary

A security weakness in Kenta Companion allows an attacker to trick users into performing unintended actions on their account. This affects versions 1.3.3 and earlier of Kenta Companion. Update to a fixed version to prevent potential unauthorized actions.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through <= 1.3.3.

Original description

Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through <= 1.3.3.

nvd CVSS3.1 4.3

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Plugin/kenta-companion/vulnerability/w...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026