Bluestreet

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-39617 CRITICAL Act Now

Cross-Site Request Forgery in priyanshumittal Bluestreet WordPress theme through version 1.7.3 enables unauthenticated attackers to perform arbitrary plugin installations via CSRF. Exploitation requires user interaction (victim must click malicious link or visit attacker-controlled page while authenticated to WordPress). High severity due to scope change and potential for complete site compromise through malicious plugin deployment. No public exploit identified at time of analysis.

CSRF Bluestreet

NVD

CVSS 3.1

9.6

EPSS

0.0%

CVE-2026-39617

EPSS 0% CVSS 9.6

CRITICAL Act Now

Cross-Site Request Forgery in priyanshumittal Bluestreet WordPress theme through version 1.7.3 enables unauthenticated attackers to perform arbitrary plugin installations via CSRF. Exploitation requires user interaction (victim must click malicious link or visit attacker-controlled page while authenticated to WordPress). High severity due to scope change and potential for complete site compromise through malicious plugin deployment. No public exploit identified at time of analysis.

CSRF Bluestreet

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy