What is the CVSS score of CVE-2026-27067?

CVE-2026-27067 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Syarif Mobile App Editor CVE-2026-27067

Q: Which versions of Syarif Mobile App Editor are affected by CVE-2026-27067?

A critical vulnerability in the Mobile App Editor WordPress plugin allows authenticated administrators to upload malicious files that could grant attackers complete control of our web servers.

EUVD-2026-13087 CRITICAL

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-03-19 audit@patchstack.com

File Upload

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 23, 2026 - 16:12 vuln.today

cvss_changed

EUVD ID Assigned

Mar 19, 2026 - 09:22 euvd

EUVD-2026-13087

Analysis Generated

Mar 19, 2026 - 09:22 vuln.today

CVE Published

Mar 19, 2026 - 09:16 nvd

CRITICAL 9.1

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through 1.3.1.

AnalysisAI

The Mobile App Editor WordPress plugin contains an unrestricted file upload vulnerability that allows authenticated administrators to upload malicious web shells to the web server. This affects all versions through 1.3.1 and carries a critical CVSS score of 9.1 due to the potential for complete system compromise with changed scope. …

RemediationAI

Within 24 hours: Audit all administrator accounts for suspicious activity and review recent file uploads in the plugin directory; disable the Mobile App Editor plugin immediately if not actively used. Within 7 days: Identify all WordPress instances running this plugin, document business justification for continued use, and implement compensating controls for any systems where the plugin remains enabled. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-27067 vulnerability details – vuln.today

Back

Syarif Mobile App Editor CVE-2026-27067

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code