Blackfyre: Malicious Requests Can Be Sent on Your Behalf

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

Blackfyre: Malicious Requests Can Be Sent on Your Behalf

CVE-2026-39641

Summary

A security weakness in Blackfyre software allows an attacker to trick users into performing actions without their knowledge or consent. This issue affects Blackfyre versions from an unknown version up to 2.5.4, so it's essential to update to a newer version to protect your system. Update Blackfyre to a version higher than 2.5.4 to fix this issue.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4.

Original description

Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4.

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Theme/blackfyre/vulnerability/wordpres...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026