Busiprof
Monthly
Cross-Site Request Forgery (CSRF) in Busiprof WordPress theme versions ≤2.5.2 enables unauthenticated attackers to upload web shells to the server by tricking authenticated administrators into executing malicious requests. Successful exploitation grants remote code execution capabilities through arbitrary file upload, allowing complete server compromise. CVSS 9.6 reflects cross-site scope with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS 0.01%).
Cross-Site Request Forgery (CSRF) in Busiprof WordPress theme versions ≤2.5.2 enables unauthenticated attackers to upload web shells to the server by tricking authenticated administrators into executing malicious requests. Successful exploitation grants remote code execution capabilities through arbitrary file upload, allowing complete server compromise. CVSS 9.6 reflects cross-site scope with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS 0.01%).