CVE-2026-39603
Cross-Site Request Forgery in Grand Photography
Publication date: 2026-04-08
Last updated on: 2026-04-10
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themegoods | grand_photography | to 5.7.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-39603 Cross-Site Request Forgery vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-39603 is a Cross Site Request Forgery (CSRF) vulnerability affecting the WordPress Grand Photography Theme versions up to and including 5.7.8.
This vulnerability allows an attacker to trick higher privileged users into executing unwanted actions while authenticated, such as by clicking a malicious link, visiting a crafted page, or submitting a form.
Although the vulnerability can be initiated by an unauthenticated user, successful exploitation requires user interaction from a privileged user.
It is classified under OWASP Top 10 category A1: Broken Access Control and has a CVSS severity score of 5.4, indicating a low priority threat.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to perform unauthorized actions on your website if a privileged user is tricked into interacting with malicious content.
Such actions could include changes or operations executed with the privileges of the authenticated user, potentially compromising the integrity or functionality of your site.
However, the severity is considered low (CVSS 5.4), and exploitation is unlikely without user interaction from a privileged user.
No official patch is currently available, so immediate mitigation involves updating the theme if possible or seeking help from hosting providers or web developers.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the affected Grand Photography theme if possible.
If updating is not possible, seek assistance from hosting providers or web developers to implement protective measures.
Since no official patch is currently available, these steps are the best immediate actions to reduce risk.