Grand Portfolio
Monthly
Cross-Site Request Forgery (CSRF) in ThemeGoods Grand Portfolio WordPress theme versions up to 3.3 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users with low integrity and availability impact. The vulnerability requires user interaction (UI:R) to trigger a malicious request. No public exploit code or active exploitation has been confirmed, and the EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite the CVSS 5.4 rating.
Cross-Site Request Forgery (CSRF) in ThemeGoods Grand Portfolio WordPress theme versions up to 3.3 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users with low integrity and availability impact. The vulnerability requires user interaction (UI:R) to trigger a malicious request. No public exploit code or active exploitation has been confirmed, and the EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite the CVSS 5.4 rating.