Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable upload abusable by any Subscriber (PR:L, AC:L); writing executable files to webroot escapes the app sandbox (S:C) and yields full host-level C/I/A impact.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
AnalysisAI
Arbitrary file upload in the Webenvo WordPress theme (versions <= 0.0.6) allows authenticated low-privilege users (Subscriber role) to upload arbitrary files, leading to remote code execution and full site compromise. The CVSS 9.9 score reflects scope change and high impact across confidentiality, integrity, and availability. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) a WordPress site running the Webenvo theme at version 0.0.6 or earlier, and (2) the attacker holding a valid Subscriber-level (or higher) account on that site - implying either open user registration is enabled (Settings → General → "Anyone can register"), or the attacker has obtained Subscriber credentials through another means. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) signals a high-impact, low-complexity, network-reachable flaw requiring only minimal privileges, which is consistent with a Subscriber-level WordPress account on a site that permits open registration. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a free Subscriber account on a WordPress site running the Webenvo theme, then sends a crafted HTTP POST to the vulnerable upload endpoint containing a PHP webshell disguised as an allowed file type. Once the file lands in an accessible directory under wp-content, the attacker requests the shell URL to execute arbitrary commands as the web server user, pivoting to full site takeover and potentially the host. |
| Remediation | Upstream fix availability is not confirmed from the provided data - the Patchstack advisory is the only reference and no patched version is cited, so administrators should treat this as: no vendor-released patch independently confirmed at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all WordPress installations for Webenvo theme presence and version; disable the theme immediately if found. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37587