CVE-2026-25319 identifies a CSRF vulnerability in the wpzita Zita Elementor Site Library plugin for WordPress, affecting versions up to 1.6.6. The vulnerability allows an attacker to trick authenticated users into submitting unauthorized requests, potentially leading to limited integrity impact. The CVSS 3.1 base score is 4.3, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and limited impact on integrity only. No patch or vendor advisory information is available to confirm remediation status.

The vulnerability could allow attackers to perform unauthorized actions on behalf of authenticated users, potentially modifying data or settings within the affected plugin. There is no impact on confidentiality or availability reported. The medium severity score reflects limited but non-negligible risk.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying standard CSRF mitigations such as disabling or restricting the plugin if feasible, or limiting user roles that can interact with the plugin. Monitor vendor channels for updates.