NewsExo allows hackers to trick users into performing actions

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

NewsExo allows hackers to trick users into performing actions

CVE-2026-39618

Summary

A security issue in NewsExo allows an attacker to trick users into performing unintended actions on the website. This could lead to unauthorized changes or data loss. To protect against this, update NewsExo to a version 7.2 or higher.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1.

Original description

Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1.

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Theme/newsexo/vulnerability/wordpress-...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026