CVE-2025-26572

Name of the Vulnerable Software and Affected Versions: WP PHPList versions n/a through 1.7

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing an unintended action, such as submitting a form or clicking a link.

Recommendations: For WP PHPList versions n/a through 1.7, consider implementing CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive functionality that may be exploited through CSRF attacks until a patch is available.