Skip to main content

Restaurant Zone CVE-2026-40746

| EUVDEUVD-2026-37598 CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-06-17 Patchstack
9.9
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

Network-reachable WordPress endpoint (AV:N), no special timing (AC:L), Subscriber account required (PR:L), no admin interaction (UI:N); webshell escapes WordPress sandbox to OS (S:C) with full CIA impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 12:16 vuln.today

DescriptionCVE.org

Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.

AnalysisAI

Arbitrary file upload in the Restaurant Zone WordPress theme through version 0.7.8 allows authenticated attackers with only Subscriber-level privileges to upload arbitrary files to the underlying server, leading to remote code execution and full site compromise. The CVSS 3.1 score of 9.9 reflects the scope-changing impact achievable from a minimally privileged account; no public exploit is identified at time of analysis and the issue is not currently listed in CISA KEV.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register Subscriber account on target site
Delivery
Authenticate to WordPress
Exploit
POST PHP payload to vulnerable theme upload handler
Execution
Request uploaded file URL
Persist
Execute webshell as web server user
Impact
Read wp-config.php and pivot to database/host

Vulnerability AssessmentAI

Exploitation Requires (1) the Restaurant Zone theme version 0.7.8 or earlier to be active on the target WordPress site, and (2) the attacker to hold at least Subscriber-level authentication - trivially obtained on any site where 'Anyone can register' is enabled (a common default for membership, comment, or WooCommerce sites) but a hard blocker on locked-down installations with registration disabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed but lean toward genuine priority on any site running this theme with open registration. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a free account on a target WordPress site running Restaurant Zone, receiving the default Subscriber role; they then authenticate and POST a PHP webshell to the vulnerable theme upload endpoint, which accepts the file and writes it to a predictable URL under wp-content. Requesting that URL executes the shell under the web server user, yielding interactive command execution, database credential theft from wp-config.php, and pivot opportunities into the hosting environment.
Remediation No vendor-released patch identified at time of analysis - the input data provides no fixed version, only an upper-bound affected range of <= 0.7.8 via Patchstack (https://patchstack.com/database/wordpress/theme/restaurant-zone/vulnerability/wordpress-restaurant-zone-theme-0-7-8-arbitrary-file-upload-vulnerability). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all WordPress instances for Restaurant Zone theme presence; immediately deactivate and remove the theme; revoke or restrict file upload permissions from Subscriber user role via WordPress capability settings. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-40746 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy