Platform
wordpress
Component
busiprof
Fixed in
2.5.3
CVE-2026-39619 describes a Cross-Site Request Forgery (CSRF) vulnerability in Busiprof, a WordPress plugin. The vulnerability allows an attacker to upload a malicious web shell to the web server, potentially leading to complete system compromise. It affects versions 0.0.0 through 2.5.2; a patch is available in version 2.5.3.
The impact of this CSRF vulnerability is severe. Successful exploitation allows an attacker to upload a web shell, effectively gaining remote code execution (RCE) capabilities on the affected WordPress server. This can lead to complete server compromise, including data theft, modification, or deletion. The attacker could also leverage the compromised server for further attacks against other systems within the network, expanding the blast radius significantly. The ability to upload arbitrary code makes this a high-priority vulnerability to address.
CVE-2026-39619 was publicly disclosed on 2026-04-08. While no public proof-of-concept (PoC) code has been released at the time of writing, the ease of exploitation associated with CSRF vulnerabilities and the potential for RCE suggest a medium probability of exploitation. It is not currently listed in the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any indication of active exploitation campaigns targeting this vulnerability.
Exploit status
EPSS
0.02% (5th percentile)
CVSS vector
The primary mitigation for CVE-2026-39619 is to immediately upgrade the Busiprof plugin to version 2.5.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. These may include restricting file upload permissions within the WordPress environment, implementing strict input validation on file uploads, and utilizing a Web Application Firewall (WAF) to filter out malicious requests. Regularly review WordPress user roles and permissions to minimize the potential impact of a successful CSRF attack. After upgrading, verify the fix by attempting to upload a test file through a browser with a different user account than the one used for the upgrade.
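The CSRF protection and upload restrictions described above, shown as an added example that is not Busiprof's own code: a hypothetical WordPress AJAX upload handler in the unsafe pattern (no nonce, no capability check, no file-type check) beside a hardened version built on WordPress core's nonce, capability and upload APIs. The hook names, action strings and nonce action are placeholders; the WordPress functions are real.

```php
<?php
// Added example, not Busiprof's code. Hook names and nonce action are placeholders.

// UNSAFE PATTERN: a request arriving with an administrator's session cookies is
// trusted as-is. A form submitted from another site rides on those cookies, so
// the handler writes whatever file it is given into the uploads directory.
add_action( 'wp_ajax_example_theme_upload', 'example_theme_upload_unsafe' );
function example_theme_upload_unsafe() {
    $dest = wp_upload_dir()['basedir'] . '/' . basename( $_FILES['file']['name'] );
    move_uploaded_file( $_FILES['file']['tmp_name'], $dest );
    wp_send_json_success( array( 'path' => $dest ) );
}

// HARDENED VERSION of the same handler.
add_action( 'wp_ajax_example_theme_upload_safe', 'example_theme_upload_safe' );
function example_theme_upload_safe() {
    // 1. CSRF: the request must carry a nonce minted for this action and this
    //    user; a cross-site form cannot obtain one. Dies with HTTP 403 otherwise.
    check_ajax_referer( 'example_theme_upload', '_wpnonce' );

    // 2. Authorization: a valid nonce proves intent, not privilege, so the
    //    capability is checked separately.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( 'no file received', 400 );
    }

    // 3. Allow-list the file type through the core upload API. Only the listed
    //    image types pass; .php and double extensions are rejected, and the file
    //    lands in the uploads directory via the core path, not a raw move.
    $overrides = array(
        'test_form' => false,
        'mimes'     => array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png' ),
    );
    $result = wp_handle_upload( $_FILES['file'], $overrides );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}

// The admin form that posts to the safe handler must embed the matching nonce:
// wp_nonce_field( 'example_theme_upload', '_wpnonce' );
```

The three checks are independent: the nonce stops the cross-site request, the capability check stops an under-privileged but legitimate user, and the MIME allow-list stops a web shell even if the first two were somehow bypassed.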
No known patch available. Please review the vulnerability details thoroughly and implement protective measures based on your organization's risk appetite. It may be best to uninstall the affected software and find an alternative.
CVE-2026-39619 is a critical Cross-Site Request Forgery (CSRF) vulnerability in Busiprof versions 0.0.0–2.5.2. It allows attackers to upload a web shell, potentially leading to remote code execution.
Yes, if you are running Busiprof versions 0.0.0 through 2.5.2, you are affected by this vulnerability. Immediately assess your systems and apply the necessary updates.
The recommended fix is to upgrade Busiprof to version 2.5.3 or later. If upgrading is not possible, implement temporary workarounds like input validation and CSRF protection.
While no widespread exploitation has been publicly reported, the high CVSS score indicates a high probability of exploitation. Proactive remediation is strongly advised.
Refer to the Busiprof official website or security advisory channels for the most up-to-date information and guidance regarding CVE-2026-39619.