PublishPress Revisions: Hackers can trick users into making changes

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

PublishPress Revisions: Hackers can trick users into making changes

CVE-2026-25322

Summary

A security weakness in PublishPress Revisions makes it possible for hackers to trick users into making changes they didn't intend to make. This affects all versions of PublishPress Revisions up to 3.7.22. To stay safe, update to the latest version of PublishPress Revisions.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3...

Original description

nvd CVSS3.1 5.4

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Plugin/revisionary/vulnerability/wordp...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026