{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39632", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:57:36.651Z", "datePublished": "2026-04-08T08:30:28.792Z", "dateUpdated": "2026-04-08T08:30:28.792Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "grandblog", "product": "Grand Blog", "vendor": "ThemeGoods", "versions": [{"lessThanOrEqual": "3.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:36.225Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.<p>This issue affects Grand Blog: from n/a through <= 3.1.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:28.792Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/grandblog/vulnerability/wordpress-grand-blog-theme-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "title": "WordPress Grand Blog theme <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1."}], "id": "CVE-2026-39632", "lastModified": "2026-04-08T21:26:35.910", "metrics": {}, "published": "2026-04-08T09:16:33.750", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/grandblog/vulnerability/wordpress-grand-blog-theme-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Grand Blog", "source": "cna", "vendor": "ThemeGoods"}, "product": "grand_blog", "vendor": "themegoods"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T10:47:11.260391+00:00", "value": {"mitigation_remediation": ["Upgrade the Grand Blog theme to version 3.2 or later to remove the CSRF flaw.", "If no upgrade is available, switch to a different actively maintained theme.", "Disable the Grand Blog theme or delete it until it is patched.", "Review site for any unauthorized changes after an upgrade.", "Encourage site administrators to enforce strong passwords and review account activity for potential compromise."], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011Site Request Forgery"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the ThemeGoods Grand Blog theme for WordPress. Versions up to and including 3.1 are impacted. Users running any of these releases should update the theme to a version newer than 3.1 once available.", "description_and_impact": "The Grand Blog WordPress theme contains a flaw that allows a malicious site to send authenticated requests to the target site without the user\u2019s consent. This Cross\u2011Site Request Forgery weakness can let an attacker modify or delete content, change settings, or execute other privileged actions under the victim\u2019s account. The vulnerability is categorized as CWE\u2011352, which signifies the absence of proper verification of request authenticity.", "risk_and_exploitability": "Based on the description, it is inferred that the attack vector is social engineering, requiring the victim to be authenticated and visit a malicious page. No CVSS or EPSS scores are published, so the precise severity is unclear. However, CSRF attacks can alter site content or compromise user accounts, making the risk moderate to high until a patch is applied."}}}}, "created": "2026-04-08T19:29:26.700177+00:00", "updated": "2026-04-08T19:41:43.135528+00:00", "vendors": ["themegoods", "themegoods$PRODUCT$grand_blog", "wordpress", "wordpress$PRODUCT$wordpress"]}