PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22342 PremiumPress Limited. CVE debrief

CVE-2026-22342 is a HIGH-severity vulnerability (CVSS Score: 8.8) in WordPress Dating Theme versions <= 11.2.0. This vulnerability allows unauthenticated Cross-Site Request Forgery (CSRF) attacks, potentially leading to account takeover. The vulnerability was published on June 17, 2026, and has not been associated with any ransomware campaigns. WordPress users should exercise caution and update to a patched version if available.

Vendor: PremiumPress Limited.
Product: WordPress Dating Theme
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

WordPress users, administrators, and security teams should be aware of this vulnerability, especially those using WordPress Dating Theme versions <= 11.2.0. This vulnerability could allow attackers to perform unauthorized actions on behalf of users, potentially leading to account takeover.

Technical summary

CVE-2026-22342 is a Cross-Site Request Forgery (CSRF) vulnerability in WordPress Dating Theme versions <= 11.2.0. The vulnerability has a CVSS Score of 8.8 and is classified as HIGH-severity. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that the vulnerability can be exploited over the network with low attack complexity and no privileges required, but that user interaction is required (UI:R), with high impact on confidentiality, integrity, and availability. The weakness is classified as CWE-352.

Defensive priority

HIGH

Recommended defensive actions

  • Update WordPress Dating Theme to a patched version (if available)
  • Implement CSRF protection measures
  • Monitor WordPress installations for suspicious activity
  • Use a web application firewall (WAF) to detect and prevent CSRF attacks
  • Regularly update and patch WordPress and its plugins
  • Use secure protocols for communication (e.g., HTTPS)

Evidence notes

The vulnerability information is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record was published on June 17, 2026, and the vulnerability has a CVSS Score of 8.8.
