CVE-2026-25337

The CVE-2026-25337 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Coachify theme (wpcoachify/Coachify) affecting versions up to and including 1.1.5. The issue is identified across multiple sources (NVD, Red Hat, CVE List, PatchStack, AttackERKB, VulnEnrichment)...

CVE-2026-25337 WordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through = 1.1.5...

CVE-2026-25337 WordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through = 1.1.5...

CVE-2026-25336 WordPress Coachify theme <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coachify: from n/a through = 1.1.5...

CVE-2026-25336 WordPress Coachify theme <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coachify: from n/a through = 1.1.5...

WordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Coachify versions = 1.1.5...

WordPress Coachify theme <= 1.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Coachify versions = 1.1.5...

CVE-2024-37417

CVE-2024-37417 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Coachify theme (affected versions from n/a up to 1.0.7). CVSS v3.1 base score 4.3 (Medium); impact is limited (I: Low, C: None, A: None) with user interaction required. Connected documents indicate the vulnerabil...

CVE-2024-37417 WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Coachify Coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through 1.0.7...

WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Coachify versions = 1.0.7...

WordPress Coachify Theme <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Coachify Type Theme Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37417 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f240f2751316 Credits Dhabaleshwar Das Required...