RealPress allows hackers to trick users into doing something they didn't intend

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

RealPress allows hackers to trick users into doing something they didn't intend

CVE-2026-27050

Summary

The RealPress plugin in WordPress has a security issue that could allow an attacker to trick users into performing an unintended action on their website. If exploited, this could lead to unauthorized changes or actions on the site. To protect your site, update RealPress to the latest version or remove the plugin.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0.

Original description

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0.

nvd CVSS3.1 5.4

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Plugin/realpress/vulnerability/wordpre...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026