CVE-2026-4002: CWE-352 Cross-Site Request Forgery (CSRF) in petjeaf Petje.af
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax_revoke_token() function which handles the 'petjeaf_disconnect' AJAX action. The function performs destructive operations including revoking OAuth2 tokens, deleting user meta, and deleting WordPress user accounts (for users with the 'petjeaf_member' role) without verifying the request originated from a legitimate source. This makes it possible for unauthenticated attackers to force authenticated users to delete their Petje.af member user accounts via a forged request granted the victim clicks on a link or visits a malicious site.
AI Analysis
Technical Summary
CVE-2026-4002 is a CSRF vulnerability in the Petje.af WordPress plugin affecting all versions up to 2.1.8. The issue arises because the ajax_revoke_token() function, which processes the 'petjeaf_disconnect' AJAX action, lacks nonce validation to verify the legitimacy of the request source. This flaw allows attackers to perform unauthorized destructive actions, including revoking OAuth2 tokens, deleting user metadata, and removing WordPress user accounts assigned the 'petjeaf_member' role, by tricking authenticated users into executing forged requests.
Potential Impact
Exploitation of this vulnerability can lead to unauthorized deletion of Petje.af member user accounts and associated data for authenticated users. While it does not directly compromise confidentiality or availability broadly, it results in loss of user accounts and related OAuth2 tokens, causing disruption to affected users. The CVSS score of 4.3 reflects a medium impact primarily on integrity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling the Petje.af plugin or restricting access to the affected AJAX action to trusted users only. Monitoring for suspicious activity related to account deletions is advisable. Avoid clicking on untrusted links while authenticated to WordPress sites using this plugin.
CVE-2026-4002: CWE-352 Cross-Site Request Forgery (CSRF) in petjeaf Petje.af
Description
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax_revoke_token() function which handles the 'petjeaf_disconnect' AJAX action. The function performs destructive operations including revoking OAuth2 tokens, deleting user meta, and deleting WordPress user accounts (for users with the 'petjeaf_member' role) without verifying the request originated from a legitimate source. This makes it possible for unauthenticated attackers to force authenticated users to delete their Petje.af member user accounts via a forged request granted the victim clicks on a link or visits a malicious site.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-4002 is a CSRF vulnerability in the Petje.af WordPress plugin affecting all versions up to 2.1.8. The issue arises because the ajax_revoke_token() function, which processes the 'petjeaf_disconnect' AJAX action, lacks nonce validation to verify the legitimacy of the request source. This flaw allows attackers to perform unauthorized destructive actions, including revoking OAuth2 tokens, deleting user metadata, and removing WordPress user accounts assigned the 'petjeaf_member' role, by tricking authenticated users into executing forged requests.
Potential Impact
Exploitation of this vulnerability can lead to unauthorized deletion of Petje.af member user accounts and associated data for authenticated users. While it does not directly compromise confidentiality or availability broadly, it results in loss of user accounts and related OAuth2 tokens, causing disruption to affected users. The CVSS score of 4.3 reflects a medium impact primarily on integrity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling the Petje.af plugin or restricting access to the affected AJAX action to trusted users only. Monitoring for suspicious activity related to account deletions is advisable. Avoid clicking on untrusted links while authenticated to WordPress sites using this plugin.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-03-11T18:44:40.867Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69df540482d89c981fbdb57e
Added to database: 4/15/2026, 9:01:56 AM
Last enriched: 4/15/2026, 9:17:24 AM
Last updated: 4/16/2026, 6:23:26 AM
Views: 14
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.