Coachify: Unapproved Requests Can Be Sent on Behalf of Users

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

Coachify: Unapproved Requests Can Be Sent on Behalf of Users

CVE-2026-25337

Summary

A security flaw in Coachify allows an attacker to trick users into performing unintended actions. This issue affects users of Coachify versions 1.1.5 and earlier. To protect your site, update to the latest version of Coachify as soon as possible.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5.

Original description

Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5.

nvd CVSS3.1 5.4

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Theme/coachify/vulnerability/wordpress...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026