CSRF in Masacms

CVE-2026-40325

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the `cTrash.restore` function does not properly validate anti-CSRF tokens for content restoration requests. An attacker can trick a logged-in admi…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.

Affected products

  • Masacms — versions < 7.2.10, >= 7.3.0, < 7.3.15, >= 7.4.0, < 7.4.10

Weakness classification (CWE)

References