{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39641", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:57:43.491Z", "datePublished": "2026-04-08T08:30:32.097Z", "dateUpdated": "2026-04-09T15:38:54.023Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "blackfyre", "product": "Blackfyre", "vendor": "Skywarrior", "versions": [{"lessThanOrEqual": "2.5.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:36.936Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.<p>This issue affects Blackfyre: from n/a through <= 2.5.4.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:32.097Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/blackfyre/vulnerability/wordpress-blackfyre-theme-2-5-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "title": "WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T15:38:49.826441Z", "id": "CVE-2026-39641", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T15:38:54.023Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-39641", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T15:38:49.826441Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T15:38:35.823Z"}}], "cna": {"title": "WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "affected": [{"vendor": "Skywarrior", "product": "Blackfyre", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.5.4"}], "packageName": "blackfyre", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-08T10:28:36.936Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/blackfyre/vulnerability/wordpress-blackfyre-theme-2-5-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4.", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.<p>This issue affects Blackfyre: from n/a through <= 2.5.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:32.097Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39641", "state": "PUBLISHED", "dateUpdated": "2026-04-09T15:38:54.023Z", "dateReserved": "2026-04-07T10:57:43.491Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-04-08T08:30:32.097Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4."}], "id": "CVE-2026-39641", "lastModified": "2026-04-09T16:16:28.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-08T09:16:34.930", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/blackfyre/vulnerability/wordpress-blackfyre-theme-2-5-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Blackfyre", "source": "cna", "vendor": "Skywarrior"}, "product": "blackfyre", "vendor": "skywarrior"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T10:08:21.220850+00:00", "value": {"mitigation_remediation": ["Verify the currently installed Blackfyre theme version for your WordPress site.", "If a newer version is available, update the theme to a release newer than 2.5.4.", "If an update is not possible, enforce server\u2011side CSRF protection by ensuring all state\u2011changing requests require a valid nonce or token.", "Test the site after changes to confirm that form submissions no longer accept unsigned requests.", "Regularly monitor site logs and security alerts for signs of CSRF attempts or unauthorized activity."], "summary": {"action": "Apply Patch", "impact": "Unauthorized user actions via CSRF"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed Skywarrior Blackfyre version 2.5.4 or earlier are affected. Any user who has logged into such a site and is potentially the target of CSRF attacks is at risk. The theme is a commonly used component in many WordPress installations.", "description_and_impact": "This vulnerability allows an attacker to perform actions on a WordPress site without the user's knowledge by exploiting a Cross\u2011Site Request Forgery flaw in the Blackfyre theme. The attack permits the malicious actor to submit requests that the theme processes as if they came from a legitimate, authenticated user. The weakness is classified as CWE-352 and can compromise the confidentiality and integrity of user actions but does not provide direct code execution.", "risk_and_exploitability": "The CVSS score is not listed, and no EPSS value is available, so the exact severity cannot be quantified from the data. However, CSRF is a well\u2011known attack vector that typically requires an authenticated victim to visit a crafted URL or submit a malicious form. Because the flaw is in theme code, an attacker only needs to entice or trick a user into loading a malicious link; no privileged system compromise is necessary. Without widespread exploitation evidence, the likelihood of active attacks is uncertain, but the potential impact warrants prompt remediation."}}}}, "created": "2026-04-08T19:28:29.540581+00:00", "updated": "2026-04-08T19:41:33.950193+00:00", "vendors": ["skywarrior", "skywarrior$PRODUCT$blackfyre", "wordpress", "wordpress$PRODUCT$wordpress"]}