Is PHP affected by CVE-2026-34896?

A CSRF vulnerability in Analytify's WordPress maintenance mode plugin (versions ≤2.1.1) allows attackers to trick authenticated administrators into performing unauthorized actions, potentially compromising site configuration and security settings.

CVE-2026-34896

EUVD-2026-19590 HIGH

2026-04-07 Patchstack

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 07, 2026 - 08:45 vuln.today

EUVD ID Assigned

Apr 07, 2026 - 08:45 euvd

EUVD-2026-19590

CVE Published

Apr 07, 2026 - 08:20 nvd

HIGH 7.5

Description

Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery.This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1.

Analysis

Cross-Site Request Forgery (CSRF) in Analytify's Under Construction, Coming Soon & Maintenance Mode WordPress plugin versions up to 2.1.1 allows remote attackers to perform unauthorized actions on behalf of authenticated administrators through social engineering. With CVSS 7.5 (high severity) and high complexity attack vector requiring user interaction, this vulnerability has no public exploit identified at time of analysis. …

Remediation

Within 24 hours: Verify all installed instances of Analytify Under Construction, Coming Soon & Maintenance Mode plugin and document current version numbers across all WordPress sites. Within 7 days: If running version 2.1.1 or earlier, disable the plugin and identify alternative maintenance mode solutions, or restrict administrator access to trusted networks only via WAF rules. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2026-34896 vulnerability details – vuln.today

Back

CVE-2026-34896

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-34896

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code