Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable WordPress endpoint (AV:N), no special timing (AC:L), Subscriber account required (PR:L), no admin interaction (UI:N); webshell escapes WordPress sandbox to OS (S:C) with full CIA impact.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
AnalysisAI
Arbitrary file upload in the Restaurant Zone WordPress theme through version 0.7.8 allows authenticated attackers with only Subscriber-level privileges to upload arbitrary files to the underlying server, leading to remote code execution and full site compromise. The CVSS 3.1 score of 9.9 reflects the scope-changing impact achievable from a minimally privileged account; no public exploit is identified at time of analysis and the issue is not currently listed in CISA KEV.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires (1) the Restaurant Zone theme version 0.7.8 or earlier to be active on the target WordPress site, and (2) the attacker to hold at least Subscriber-level authentication - trivially obtained on any site where 'Anyone can register' is enabled (a common default for membership, comment, or WooCommerce sites) but a hard blocker on locked-down installations with registration disabled. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed but lean toward genuine priority on any site running this theme with open registration. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a free account on a target WordPress site running Restaurant Zone, receiving the default Subscriber role; they then authenticate and POST a PHP webshell to the vulnerable theme upload endpoint, which accepts the file and writes it to a predictable URL under wp-content. Requesting that URL executes the shell under the web server user, yielding interactive command execution, database credential theft from wp-config.php, and pivot opportunities into the hosting environment. |
| Remediation | No vendor-released patch identified at time of analysis - the input data provides no fixed version, only an upper-bound affected range of <= 0.7.8 via Patchstack (https://patchstack.com/database/wordpress/theme/restaurant-zone/vulnerability/wordpress-restaurant-zone-theme-0-7-8-arbitrary-file-upload-vulnerability). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all WordPress instances for Restaurant Zone theme presence; immediately deactivate and remove the theme; revoke or restrict file upload permissions from Subscriber user role via WordPress capability settings. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37598