WordPress Constructo Theme Cross-Site Request Forgery Vulnerability Allowing Object Injection

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Constructo theme, specifically in versions through 4.3.9. This vulnerability allows for Object Injection, where an attacker could potentially manipulate objects within the application, leading to unexpected behavior or security issues.

Impact

Exploitation of this vulnerability could enable a malicious actor to trick users with higher privileges into performing actions they did not intend to, potentially leading to unauthorized changes or access within the application.

Added: Sep 22, 2025, 8:56 PM

Updated: Sep 22, 2025, 11:06 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Constructo Theme Cross-Site Request Forgery Vulnerability Allowing Object Injection

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating