CVE-2026-24574
Description
Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery.
This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerability in Export WP Page to Static HTML/CSS plugin (<=6.0.0) allows attackers to perform actions on behalf of authenticated admins.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Export WP Page to Static HTML/CSS plugin for WordPress, affecting versions from n/a through 6.0.0 [1]. The vulnerability allows an attacker to force privileged users to execute unwanted actions under their current authentication, without their knowledge [1].
Exploitation
An attacker can exploit this by crafting a malicious link or form and tricking a higher-privileged user (e.g., admin) into clicking it or submitting the form while authenticated to the WordPress site [1]. User interaction is required; the victim must perform the action.
Impact
Successful exploitation allows the attacker to perform actions on the victim's behalf, such as changing plugin settings or exporting data, potentially leading to unauthorized modifications or data disclosure [1]. The vulnerability has a CVSS v3 score of 6.5 (Medium severity) [1].
Mitigation
The vendor released version 6.0.1 to fix this vulnerability; users should update to 6.0.1 or later [1]. Patchstack users can enable auto-updates for vulnerable plugins [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=6.0.0+ 1 more
- (no CPE)range: <=6.0.0
- (no CPE)range: <=6.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.