Cross-Site Request Forgery Vulnerability in Export WP Page to Static HTML/CSS Plugin by WordPress
CVE-2026-24574

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Export WP Page To Static Html/css
Vendor: CVE Published:; 25 May 2026

What is CVE-2026-24574?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Export WP Page to Static HTML/CSS plugin for WordPress. This vulnerability allows an attacker to exploit the trust a user has in a web application, effectively enabling unauthorized actions. Affected versions range from n/a up to 6.0.0, presenting a potential risk for sites utilizing this plugin. Proper security measures should be implemented to mitigate this vulnerability, ensuring the integrity and safety of user interactions.

Affected Version(s)

Export WP Page to Static HTML/CSS <= 6.0.0

References

https://patchstack.com/database/wordpress/plugin/export-w...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2026
Vulnerability Reserved
Jan 23, 2026

Credit

Nabil Irawan | Patchstack Bug Bounty Program

CVE-2026-24574 Data

JSON