Grand Portfolio allows hackers to trick users into making unintended changes

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Grand Portfolio allows hackers to trick users into making unintended changes

CVE-2026-39634

Summary

A flaw in Grand Portfolio allows hackers to trick users into making unintended changes to the website. This can lead to unauthorized actions being taken on the user's account. Users and administrators should update to the latest version of Grand Portfolio to fix this issue.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3.

Original description

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3.

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Theme/grandportfolio/vulnerability/wor...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026