Cross-Site Request Forgery Vulnerability in Bluestreet Theme by Priyanshu Mittal
CVE-2026-39617

9.6CRITICAL

Key Information:

Vendor: WordPress
Status: Bluestreet
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39617?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Bluestreet theme created by Priyanshu Mittal. This flaw allows attackers to execute unauthorized commands on behalf of authenticated users. The vulnerability impacts versions up to and including 1.7.3, enabling potential exploitation that could lead to arbitrary plugin installations without user consent. It is crucial for users of affected versions to apply necessary patches and updates to safeguard their WordPress sites against potential security breaches.

Affected Version(s)

Bluestreet 0 <= 1.7.3

References

https://patchstack.com/database/Wordpress/Theme/bluestree...

vdb-entry

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program

CVE-2026-39617 Data

JSON