Skip to main content

Grand Portfolio

1 CVEs product

Monthly

CVE-2026-39634 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in ThemeGoods Grand Portfolio WordPress theme versions up to 3.3 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users with low integrity and availability impact. The vulnerability requires user interaction (UI:R) to trigger a malicious request. No public exploit code or active exploitation has been confirmed, and the EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite the CVSS 5.4 rating.

CSRF Grand Portfolio
NVD
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) in ThemeGoods Grand Portfolio WordPress theme versions up to 3.3 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users with low integrity and availability impact. The vulnerability requires user interaction (UI:R) to trigger a malicious request. No public exploit code or active exploitation has been confirmed, and the EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite the CVSS 5.4 rating.

CSRF Grand Portfolio
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy