Skip to main content

Appointment

1 CVEs product

Monthly

CVE-2026-39620 CRITICAL Act Now

WordPress Appointment theme versions through 3.5.5 suffer from Cross-Site Request Forgery (CSRF) enabling unauthenticated attackers to upload malicious web shells to the server. With CVSS 9.6 (Critical) and a changed scope, successful exploitation grants attackers remote code execution capabilities with high impact to confidentiality, integrity, and availability. EPSS probability is low (0.01%, 1st percentile), and no public exploit identified at time of analysis, though the CSRF-to-RCE chain represents a serious threat requiring immediate patching.

CSRF Appointment
NVD
CVSS 3.1
9.6
EPSS
0.0%
EPSS 0% CVSS 9.6
CRITICAL Act Now

WordPress Appointment theme versions through 3.5.5 suffer from Cross-Site Request Forgery (CSRF) enabling unauthenticated attackers to upload malicious web shells to the server. With CVSS 9.6 (Critical) and a changed scope, successful exploitation grants attackers remote code execution capabilities with high impact to confidentiality, integrity, and availability. EPSS probability is low (0.01%, 1st percentile), and no public exploit identified at time of analysis, though the CSRF-to-RCE chain represents a serious threat requiring immediate patching.

CSRF Appointment
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy