Grand Magazine allows attackers to make unauthorized changes

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

Grand Magazine allows attackers to make unauthorized changes

CVE-2026-39635

Summary

A security issue in Grand Magazine allows an attacker to trick users into performing actions on a website without their knowledge or consent. This means that an attacker could make changes to a user's account or data without them realizing it. To fix this, update Grand Magazine to version 3.5.6 or later.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through <= 3.5.5.

Original description

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through <= 3.5.5.

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Theme/grandmagazine/vulnerability/word...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026