Unauthenticated Cross Site Request Forgery in pCloud WP Backup by pCloud
CVE-2026-57757

7.1HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
2 July 2026

What is CVE-2026-57757?

The vulnerability presents an unauthenticated Cross Site Request Forgery (CSRF) in versions of pCloud WP Backup that are 2.0.2 or earlier. This flaw allows attackers to trick users into performing unwanted actions on their behalf without their consent. As a result, unauthorized operations could be executed, potentially compromising the security of WordPress sites utilizing this backup plugin. It is crucial for users to update to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

pCloud WP Backup <= 2.0.2

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

R2D2 | Patchstack Bug Bounty Program
.