Description
Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery.

This issue affects Skyline WP: from n/a through 1.0.10.
Published: 2026-06-17
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Cross‑Site Request Forgery in the Extend Themes Skyline WP theme can allow a remote attacker to cause a logged‑in user to perform actions with the user’s privileges. The flaw creates a request that the theme processes without sufficient verification of the user’s intent, potentially enabling modification of site settings or content, or other privileged operations whose exact scope depends on the installed theme’s capabilities. The impact is limited to the account level actions that the theme permits, but it gives an attacker a way to execute any operation the compromised user can normally perform. The vulnerability is classified as CWE‑352 because it exploits the absence of a verification token or anti‑CSRF measure.

Affected Systems

The vulnerability affects the Skyline WP theme from Extend Themes, all releases from the initial release up to and including version 1.0.10. No additional vendor or product information is disclosed in the advisory.

Risk and Exploitability

The CVSS score of 4.3 indicates a low to moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, which suggests it is not a widely exploited issue at this time. The attack vector is inferred to be remote and requires the victim to be authenticated to the site; the attacker must lure the user to a crafted site that posts a forged request to the vulnerable theme. Because the issue is a CSRF flaw, exploitation typically involves social engineering, yet the lack of an EPSS score and KEV listing imply that the exploit probability may be low. Nonetheless, any user who uses the affected theme and is logged in is a potential target and should be advised to apply the vendor’s patch.

Generated by OpenCVE AI on June 18, 2026 at 12:02 UTC.

Remediation

Vendor Solution

Update the WordPress Skyline WP theme to the latest available version (at least 1.0.11).


OpenCVE Recommended Actions

  • Update the Skyline WP theme to version 1.0.11 or later
  • If a patch is not yet available, temporarily deactivate or replace the theme until the update can be applied
  • Review the site for unintended changes and monitor user activity logs for suspicious actions

Generated by OpenCVE AI on June 18, 2026 at 12:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Extend Themes
Extend Themes skyline Wp
Wordpress
Wordpress wordpress
Vendors & Products Extend Themes
Extend Themes skyline Wp
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.
Title WordPress Skyline WP theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Subscriptions

Extend Themes Skyline Wp
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T12:09:21.477Z

Reserved: 2024-05-09T12:14:37.812Z

Link: CVE-2024-34810

cve-icon Vulnrichment

Updated: 2026-06-17T12:08:58.539Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T23:03:33Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)