Cross-Site Request Forgery Vulnerability in Analytify Under Construction
CVE-2026-34896

7.5HIGH

Key Information:

Vendor: WordPress
Status: Under Construction, Coming Soon & Maintenance Mode
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-34896?

A Cross-Site Request Forgery vulnerability exists in the Analytify Under Construction, Coming Soon & Maintenance Mode plugin, which could allow an attacker to execute unauthorized actions on behalf of an authenticated user. This vulnerability affects versions of the plugin up to 2.1.1, posing potential security risks if exploited.

Affected Version(s)

Under Construction, Coming Soon & Maintenance Mode <= 2.1.1

References

https://patchstack.com/database/wordpress/plugin/under-co...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Mar 31, 2026

Credit

Carlos Ferreira | Patchstack Bug Bounty Program

CVE-2026-34896 Data

JSON

WordPress

What is CVE-2026-34896?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit