CVE-2026-25015

WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.53.

We have discovered 1,700 live websites that are affected by CVE-2026-25015.

Run a Free Instant Scan



Affected Software

Product  Userswp
Category Wordpress Plugins
Vulnerable Domains1,700 live websites (50% of Userswp install base)
Vulnerable Versions
  • from 0 through 1.2.53
Vulnerable Versions Count86 versions ( 93% of all versions)



Details

  • Published - Feb 3, 2026
  • Updated - Apr 1, 2026

Credits

  • Tristan Jay Neale | Patchstack Bug Bounty Program (finder)

Website Distribution by Country

Number of websites using CVE-2026-25015
United States578 websites


Germany161 websites
GB119 websites
Italy112 websites
France63 websites
Cyprus49 websites
Spain47 websites
India42 websites
Australia41 websites
Russia38 websites

Website Distribution by TLD

Number of websites using CVE-2026-25015
.com692 websites
.org146 websites
.de82 websites
.it77 websites
.co.uk66 websites
.net50 websites
.com.au31 websites
.ru31 websites
.ca27 websites
.pl27 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2026-25015

Top websites that are affected by CVE-2026-25015. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
***************.org United States*,***
**********.id Indonesia**,***
*********.com United States**,***
************************.de Germany**,***
********.com United States***,***
*****.*******.io United States***,***
**.today United States***,***
******.com United States***,***
************.com United States***,***
*****.org United States***,***
See full domain list

FAQ

A total of 1,700 websites have been identified as vulnerable to CVE-2026-25015, based on global website indexing conducted by WebTechSurvey.
The Userswp is affected by the CVE-2026-25015 vulnerability.
Userswp versions up to and including 1.2.53 are vulnerable to CVE-2026-25015.