Placipy · Placipy · CVE-2026-25812
**Name of the Vulnerable Software and Affected Versions**
PlaciPy version 1.0.0
**Description**
PlaciPy, a placement management system for educational institutions, does not implement CSRF protection despite enabling credentialed CORS requests in version 1.0.0. This configuration could allow malicious actors to potentially exploit cross-site request forgery attacks.
**Recommendations**
Implement CSRF protection mechanisms to mitigate the risk.