Skip to main content

Bluestreet

1 CVEs product

Monthly

CVE-2026-39617 CRITICAL Act Now

Cross-Site Request Forgery in priyanshumittal Bluestreet WordPress theme through version 1.7.3 enables unauthenticated attackers to perform arbitrary plugin installations via CSRF. Exploitation requires user interaction (victim must click malicious link or visit attacker-controlled page while authenticated to WordPress). High severity due to scope change and potential for complete site compromise through malicious plugin deployment. No public exploit identified at time of analysis.

CSRF Bluestreet
NVD
CVSS 3.1
9.6
EPSS
0.0%
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cross-Site Request Forgery in priyanshumittal Bluestreet WordPress theme through version 1.7.3 enables unauthenticated attackers to perform arbitrary plugin installations via CSRF. Exploitation requires user interaction (victim must click malicious link or visit attacker-controlled page while authenticated to WordPress). High severity due to scope change and potential for complete site compromise through malicious plugin deployment. No public exploit identified at time of analysis.

CSRF Bluestreet
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy