What is the CVSS score of CVE-2026-32482?

CVE-2026-32482 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

CVE-2026-32482

Q: How to fix or mitigate CVE-2026-32482?

Within 24 hours: Identify all WordPress installations using Ona theme and document current versions. Within 7 days: Update Ona theme to version 1.24 or later across all affected WordPress sites; if immediate update is not possible, disable the theme and switch to an alternative. Within 30 days: Conduct forensic review of affected servers for unauthorized file uploads or web shells; audit user accounts and access logs for signs of compromise.

EUVD-2026-15823 CRITICAL

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-03-25 Patchstack

GHSA-8x7j-66jm-5vq5

File Upload

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 16:37 vuln.today

cvss_changed

Analysis Updated

Apr 16, 2026 - 05:48 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

1.24

EUVD ID Assigned

Mar 25, 2026 - 16:47 euvd

EUVD-2026-15823

Analysis Generated

Mar 25, 2026 - 16:47 vuln.today

CVE Published

Mar 25, 2026 - 16:14 nvd

CRITICAL 9.9

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24.

AnalysisAI

An unrestricted file upload vulnerability exists in the deothemes Ona WordPress theme that allows attackers to upload web shells to affected servers. All versions of Ona prior to 1.24 are vulnerable, enabling remote code execution through malicious file uploads. …

RemediationAI

Within 24 hours: Identify all WordPress installations using Ona theme and document current versions. Within 7 days: Update Ona theme to version 1.24 or later across all affected WordPress sites; if immediate update is not possible, disable the theme and switch to an alternative. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32482 vulnerability details – vuln.today

Back

CVE-2026-32482

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code