Cross-Site Request Forgery Vulnerability in Zita Elementor Site Library Plugin by WordPress
CVE-2026-25319

4.3 MEDIUM

Key Information:

Vendor: WordPress

CVE Published: 19 February 2026

What is CVE-2026-25319?

The Zita Elementor Site Library plugin for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability affecting versions up to and including 1.6.6. The flaw lets an attacker trick an authenticated user into performing unwanted actions on the web application. When the target user is tricked into clicking a malicious link or loading a malicious website, the attacker can potentially manipulate the user's privileges or perform actions without their consent. The vulnerability underscores the importance of security measures such as nonce verification and user authentication in protecting against CSRF attacks.

Affected Version(s)

Zita Elementor Site Library 0 <= 1.6.6

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan | Patchstack Bug Bounty Program