anonhaven
Ad

CVE-2026-39619

CRITICAL CVSS 3.1: 9.6 EPSS 0.02%
Updated Apr 09, 2026
Cross-Site
Parameter Value
CVSS 9.6 (CRITICAL)
Type CWE-352 (Cross-Site Request Forgery (CSRF))
Vendor Cross-Site
Public PoC No

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-352 Cross-Site Request Forgery (CSRF)

References 1

https://patchstack.com/database/Wordpress/Theme/busiprof/vulnerability/wordpres…
audit@patchstack.com
Share Post Share Share Share