Cross-Site Request Forgery in CrawlWP SEO by Mihdan
CVE-2026-59520

4.3MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
5 July 2026

What is CVE-2026-59520?

A Cross-Site Request Forgery (CSRF) vulnerability exists in CrawlWP SEO by Mihdan, which allows unauthorized actions to be performed on behalf of authenticated users. This security flaw can be exploited to manipulate users’ requests without their consent, potentially compromising site integrity and user data security. It is crucial for users operating versions from n/a to 3.0.16 to apply necessary security measures.

Affected Version(s)

CrawlWP SEO <= 3.0.16

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ananda Dhakal | Patchstack
.