Petje.af Vulnerability (Medium) – CVE-2026-4002

Apr 14, 2026 | Plugins

Attack Vectors

The Petje.af WordPress plugin (slug: petje-af) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVE-2026-4002, CVSS 4.3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) in versions up to and including 2.1.8.

Because CSRF relies on a victim already being authenticated, the most likely scenario is a staff member or site user who is currently logged in to your WordPress site being tricked into clicking a link or visiting an attacker-controlled web page that silently sends a request to your site in the background. The browser attaches the WordPress session cookie to that request automatically, so it arrives looking like a legitimate user action. User interaction is required, but the attacker does not need an account on the site or any credentials.

The vulnerable pathway is the plugin's 'petjeaf_disconnect' AJAX action, served through WordPress's admin-ajax.php endpoint. Any external site can cause the victim's browser to call that endpoint, and the call succeeds as long as the browser is carrying an active WordPress session.

Security Weakness

The underlying issue is missing nonce validation in the plugin's ajax_revoke_token() function, the handler for the 'petjeaf_disconnect' AJAX action. In WordPress terms, a nonce is the standard anti-forgery token: it is minted server-side for a specific action and user (wp_create_nonce()), embedded in the page or script that issues the request, and checked when the request arrives (check_ajax_referer() or wp_verify_nonce()). Because an attacker's page cannot read the nonce, a request that lacks a valid one did not originate from your site.

Without that check, the handler has no way to distinguish a forged cross-site request from a genuine one, and it proceeds with destructive operations even though the request never came from a legitimate page or workflow on your site.

Per the disclosed details, those operations include revoking OAuth2 tokens, deleting user meta, and even deleting WordPress user accounts for users with the petjeaf_member role—actions that should require strong confirmation and anti-forgery checks.
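As an added illustration, not the Petje.af plugin's own code (the plugin's internals are not reproduced here), the following shows a WordPress AJAX handler in the shape the advisory describes beside a hardened version. The action names example_disconnect_unsafe and example_disconnect, the example_oauth_token meta key, the example_member role and the confirmation parameter are hypothetical; add_action, check_ajax_referer, current_user_can, wp_create_nonce, wp_localize_script, delete_user_meta and wp_delete_user are real WordPress core functions, and the code assumes it runs inside a WordPress plugin.

```php
<?php
/**
 * Added example: the vulnerable shape (no nonce, no capability check) and
 * the hardened form of an AJAX "disconnect" handler. Names are hypothetical.
 */

// --- Vulnerable shape ------------------------------------------------------
// WordPress dispatches admin-ajax.php?action=example_disconnect_unsafe here
// for any logged-in user, via GET or POST, from any origin. Nothing below
// proves the request came from this site's own page, so a forged request
// from a third-party page runs the same destructive code path.
add_action( 'wp_ajax_example_disconnect_unsafe', 'example_ajax_disconnect_unsafe' );
function example_ajax_disconnect_unsafe() {
    $user_id = get_current_user_id();
    delete_user_meta( $user_id, 'example_oauth_token' );          // destructive
    $user = get_userdata( $user_id );
    if ( $user && in_array( 'example_member', (array) $user->roles, true ) ) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
        wp_delete_user( $user_id );                                // irreversible
    }
    wp_send_json_success();
}

// --- Hardened form ---------------------------------------------------------
add_action( 'wp_ajax_example_disconnect', 'example_ajax_disconnect_safe' );
function example_ajax_disconnect_safe() {
    // 1. Anti-forgery. The request must carry a nonce minted for this action
    //    and this user. On a missing or invalid nonce check_ajax_referer()
    //    replies -1 and exits, so nothing below runs.
    check_ajax_referer( 'example_disconnect', 'nonce' );

    // 2. Authorization. A nonce proves origin, not permission; keep an
    //    explicit capability check as well.
    $user_id = get_current_user_id();
    if ( ! $user_id || ! current_user_can( 'read' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Scope. Only touch the calling user's own data; never take a target
    //    user ID from the request body for a destructive operation.
    delete_user_meta( $user_id, 'example_oauth_token' );

    // 4. Irreversible actions get a separate, explicit confirmation (a
    //    design choice for this example, not a WordPress API requirement).
    $confirm = isset( $_POST['confirm'] ) ? sanitize_text_field( wp_unslash( $_POST['confirm'] ) ) : '';
    $user    = get_userdata( $user_id );
    if ( 'delete-account' === $confirm && $user
         && in_array( 'example_member', (array) $user->roles, true ) ) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
        wp_delete_user( $user_id );
    }
    wp_send_json_success();
}

// Minting the nonce: the page that renders the "disconnect" button hands it
// to the front-end script. wp_create_nonce() ties the value to the action,
// the user and the session, and WordPress rotates it on a 12-hour window.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'example-disconnect', plugins_url( 'disconnect.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'example-disconnect', 'exampleDisconnect', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_disconnect' ),
    ) );
} );
```

The front-end script then sends the nonce as the `nonce` POST field alongside `action=example_disconnect`. Restricting the handler to POST alone is not a fix: admin-ajax.php serves the same action on GET, and a cross-site form can POST anyway. The nonce is the control that actually distinguishes a forged request from a genuine one.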

Technical or Business Impacts

The most immediate business risk is unexpected account deletion for affected users (specifically users with the petjeaf_member role) and disruption tied to token revocation and user-meta deletion. This can translate into avoidable support load, lost productivity, and reputational damage if legitimate users lose access without understanding why.

For marketing and revenue operations, the impact can include broken user journeys (e.g., member access changes), increased churn from frustrated users, and campaign performance degradation if key segments are unexpectedly removed or cannot authenticate properly.

For executive leadership and compliance teams, the incident profile is typically characterized as an integrity risk (unauthorized changes/deletions) rather than direct data theft (the CVSS vector indicates no confidentiality impact). Even so, unauthorized user deletion can create audit, customer care, and contractual challenges, especially if membership access is tied to paid offerings or regulated workflows.

Remediation status: there is no known patch available at this time. Based on your organization’s risk tolerance, consider uninstalling the affected plugin and replacing it, or applying compensating controls such as minimizing who remains logged in to WordPress, limiting exposure of user accounts with the petjeaf_member role, and tightening operational processes around administrative and member account management until a fix is available.

Reference: CVE-2026-4002 record and the source advisory at Wordfence Threat Intelligence.

Similar Attacks

CSRF is a common class of web vulnerability where attackers exploit a user’s logged-in session to trigger unintended actions. For additional real-world context and examples of how CSRF can be used against web applications, see the following resources:

OWASP: Cross-Site Request Forgery (CSRF)
PortSwigger Web Security Academy: CSRF
Wikipedia: Cross-site request forgery
