CVE-2026-39617
Received Received - Intake
Cross-Site Request Forgery in Bluestreet

Publication date: 2026-04-08

Last updated on: 2026-04-09

Assigner: Patchstack

Description
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-09
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-14
NVD
CVE-2026-39617
EUVD
EUVD-2026-20257
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
priyanshumittal bluestreet to 1.7.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The recommended immediate mitigation is to remove and replace the vulnerable Bluestreet theme version 1.7.3 or earlier.

Deactivating the theme alone does not eliminate the threat unless a mitigation rule from Patchstack is applied.

Patchstack offers rapid mitigation solutions that can be applied to protect affected sites until a permanent fix or patch is available.

Executive Summary

CVE-2026-39617 is a Cross Site Request Forgery (CSRF) vulnerability found in the WordPress Bluestreet Theme versions up to and including 1.7.3.

This vulnerability allows attackers to trick users with higher privileges into performing unwanted actions while they are authenticated. This can happen if the privileged user clicks on malicious links, visits crafted web pages, or submits malicious forms.

Although the attack requires user interaction and the involvement of a privileged user, it poses a significant risk due to its high severity and potential for widespread exploitation.

Impact Analysis

This vulnerability can lead to unauthorized actions being executed on your website by attackers exploiting the trust of privileged users.

Because it targets privileged users, attackers could potentially perform administrative actions without consent, which might include installing plugins or changing settings.

The high CVSS score of 9.6 indicates a critical impact, meaning it could be used in mass exploitation campaigns affecting many websites regardless of their popularity or traffic.

Mitigation requires removing or replacing the vulnerable theme or applying specific mitigation rules, as simply deactivating the theme does not eliminate the threat.

Compliance Impact

The CVE-2026-39617 vulnerability is a Cross Site Request Forgery (CSRF) issue that allows attackers to trick privileged users into executing unwanted actions. This can lead to unauthorized changes or actions within affected websites.

Such unauthorized actions could potentially lead to data breaches or unauthorized access to sensitive information, which may impact compliance with standards and regulations like GDPR or HIPAA that require protection of personal and sensitive data.

However, the provided information does not explicitly mention the direct impact of this vulnerability on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39617. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart