Is Busiprof affected by CVE-2026-39619?

The Busiprof WordPress theme (versions ≤2.5.2) contains a critical CSRF vulnerability that allows unauthenticated attackers to manipulate authenticated administrators into uploading malicious files, resulting in remote code execution and complete server compromise.

CVE-2026-39619

Q: How to fix CVE-2026-39619?

Within 24 hours: Identify all WordPress installations using Busiprof theme ≤2.5.2 via admin dashboard or theme audit tools; disable the theme immediately if not actively required. Within 7 days: Deactivate and remove the vulnerable Busiprof theme entirely; implement a supported alternative theme with active security maintenance. Within 30 days: Conduct server-side file integrity audit to detect any unauthorized uploads; review admin audit logs for suspicious CSRF activity; implement CSRF token validation at the application layer as a compensating control if theme cannot be immediately removed.

EUVD-2026-20261 CRITICAL

2026-04-08 Patchstack

GHSA-7gr5-hfgj-rpgg

9.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 08, 2026 - 08:45 vuln.today

EUVD ID Assigned

Apr 08, 2026 - 08:45 euvd

EUVD-2026-20261

CVE Published

Apr 08, 2026 - 08:30 nvd

CRITICAL 9.6

Description

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2.

Analysis

Cross-Site Request Forgery (CSRF) in Busiprof WordPress theme versions ≤2.5.2 enables unauthenticated attackers to upload web shells to the server by tricking authenticated administrators into executing malicious requests. Successful exploitation grants remote code execution capabilities through arbitrary file upload, allowing complete server compromise. …

Remediation

Within 24 hours: Identify all WordPress installations using Busiprof theme ≤2.5.2 via admin dashboard or theme audit tools; disable the theme immediately if not actively required. Within 7 days: Deactivate and remove the vulnerable Busiprof theme entirely; implement a supported alternative theme with active security maintenance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +48

POC: 0

CVE-2026-39619 vulnerability details – vuln.today

Back

CVE-2026-39619

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-39619

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code