PatchSiren cyber security CVE debrief
CVE-2026-49043 WP Engine CVE debrief
CVE-2026-49043 is a MEDIUM severity Unauthenticated Cross Site Request Forgery (CSRF) vulnerability affecting WP Migrate Lite versions up to 2.7.8. The vulnerability has a CVSS score of 4.7. It was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-49043) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-49043).
- Vendor
- WP Engine
- Product
- WP Migrate Lite
- CVSS
- MEDIUM 4.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WP Migrate Lite plugin versions up to 2.7.8 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability is caused by a lack of proper validation and sanitization of requests, allowing an attacker to perform actions on behalf of a user without their consent. The [cvssVector](https://nvd.nist.gov/vuln/detail/CVE-2026-49043) for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates to WP Migrate Lite plugin to version 2.7.9 or later.
- Implement additional security measures such as validating and sanitizing user requests.
Evidence notes
Evidence for this CVE comes from [ref-4](https://patchstack.com/database/wordpress/plugin/wp-migrate-db/vulnerability/wordpress-wp-migrate-lite-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve).
Official resources
-
CVE-2026-49043 CVE record
CVE.org
-
CVE-2026-49043 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-49043 was published on June 15, 2026, and last modified on June 15, 2026.