Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable upload endpoint (AV:N/AC:L), requires a Subscriber account (PR:L), no interaction; upload-to-RCE crosses into the server context (S:C) yielding full C/I/A impact.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.
AnalysisAI
Arbitrary file upload in the Zegen WordPress theme (versions 1.1.9 and earlier) lets a low-privileged authenticated user (Subscriber role) upload files without adequate type validation, enabling upload of executable PHP and full site compromise. The CVSS 3.1 base score is 9.9 with a scope change, reflecting that a minimally-privileged account can escalate to server-level code execution. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated account with at least Subscriber privileges (CVSS PR:L) and network access to the theme's upload functionality; no user interaction is needed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals point to a genuinely high-priority issue where any registered account exists. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker self-registers (or uses any Subscriber account) on a Zegen-powered WordPress site, then sends a crafted request to the theme's file-upload handler containing a PHP web shell disguised or unfiltered by extension. Because no privileged role or user interaction is required, the attacker then browses to the uploaded file to execute arbitrary code and take over the site. … |
| Remediation | No vendor-released patch version is identified in the available data, so upgrade to a fixed release once ZOZOThemes publishes one beyond 1.1.9 - consult the Patchstack advisory (https://patchstack.com/database/wordpress/theme/zegen/vulnerability/wordpress-zegen-theme-1-1-9-arbitrary-file-upload-vulnerability) for the fixed version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all WordPress installations running Zegen theme versions 1.1.9 and earlier; immediately disable the theme on all affected sites pending remediation. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41333
GHSA-qf93-7g5p-rgxj