Description
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery. This issue affects Sigmize: from n/a through <= 0.0.9.
Published: 2026-02-03
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross Site Request Forgery
Action: Apply Patch
AI Analysis

Impact

The flaw exists in the Sigmize plugin for WordPress and allows attackers to trick a logged‑in user into sending a forged request that is processed by the plugin. Because the plugin does not enforce origin checks, a malicious link or form can trigger arbitrary state‑changing operations that the user did not intend to perform. This vulnerability represents a moderate security risk as it enables unauthorized actions by leveraging an authenticated session.

Affected Systems

WordPress sites that have the Brainstorm Force Sigmize plugin installed, version 0.0.9 or earlier, are vulnerable. The issue applies to all users who can authenticate to the site and access the Sigmize plugin interface.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity. The estimated exploitation probability, as reflected by an EPSS score of less than 1%, suggests a very low likelihood of real‑world exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires an authenticated user to inadvertently visit a crafted URL or submit a forged form; no additional conditions beyond an active session are required according to the CVE description.

Generated by OpenCVE AI on April 16, 2026 at 17:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Sigmize plugin to the latest version released by Brainstorm Force.
  • If an upgrade cannot be performed immediately, deactivate the Sigmize plugin until a patched version is available.
  • Limit WordPress administrative access to reduce the number of users who could be tricked into sending forged requests.

Generated by OpenCVE AI on April 16, 2026 at 17:30 UTC.

Advisories

No advisories yet.

History

Mon, 09 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics
  cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared
  Wordpress
  Wordpress wordpress
Vendors & Products
  Wordpress
  Wordpress wordpress

Tue, 03 Feb 2026 14:30:00 +0000

Type Values Removed Values Added
Description: Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery. This issue affects Sigmize: from n/a through <= 0.0.9.
Title: WordPress Sigmize plugin <= 0.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses: CWE-352
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:51.935Z

Reserved: 2026-01-28T09:50:35.465Z

Link: CVE-2026-24962

Vulnrichment

Updated: 2026-02-09T14:49:59.812Z

NVD

Status: Deferred

Published: 2026-02-03T15:16:16.820

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24962

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T17:45:27Z

Weaknesses