Skip to main content

Zegen Theme EUVDEUVD-2026-41333

| CVE-2026-27419 CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-07-02 Patchstack GHSA-qf93-7g5p-rgxj
9.9
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

Network-reachable upload endpoint (AV:N/AC:L), requires a Subscriber account (PR:L), no interaction; upload-to-RCE crosses into the server context (S:C) yielding full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 12:00 vuln.today

DescriptionCVE.org

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

AnalysisAI

Arbitrary file upload in the Zegen WordPress theme (versions 1.1.9 and earlier) lets a low-privileged authenticated user (Subscriber role) upload files without adequate type validation, enabling upload of executable PHP and full site compromise. The CVSS 3.1 base score is 9.9 with a scope change, reflecting that a minimally-privileged account can escalate to server-level code execution. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register or obtain Subscriber account
Delivery
Access theme upload endpoint
Exploit
Upload PHP file bypassing type checks
Execution
Request uploaded webshell
Impact
Execute arbitrary code, full site compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated account with at least Subscriber privileges (CVSS PR:L) and network access to the theme's upload functionality; no user interaction is needed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals point to a genuinely high-priority issue where any registered account exists. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker self-registers (or uses any Subscriber account) on a Zegen-powered WordPress site, then sends a crafted request to the theme's file-upload handler containing a PHP web shell disguised or unfiltered by extension. Because no privileged role or user interaction is required, the attacker then browses to the uploaded file to execute arbitrary code and take over the site. …
Remediation No vendor-released patch version is identified in the available data, so upgrade to a fixed release once ZOZOThemes publishes one beyond 1.1.9 - consult the Patchstack advisory (https://patchstack.com/database/wordpress/theme/zegen/vulnerability/wordpress-zegen-theme-1-1-9-arbitrary-file-upload-vulnerability) for the fixed version. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all WordPress installations running Zegen theme versions 1.1.9 and earlier; immediately disable the theme on all affected sites pending remediation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41333 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy