Charity Zone
Monthly
Arbitrary file upload in the Charity Zone WordPress theme (versions 1.1.1 and prior) allows authenticated users with only Subscriber-level privileges to upload files of attacker-chosen type, leading to remote code execution under the web server context. The flaw was disclosed via Patchstack and carries a CVSS 9.9 due to the scope change from a low-privileged WordPress role to full server compromise. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Arbitrary file upload in the Charity Zone WordPress theme (versions 1.1.1 and prior) allows authenticated users with only Subscriber-level privileges to upload files of attacker-chosen type, leading to remote code execution under the web server context. The flaw was disclosed via Patchstack and carries a CVSS 9.9 due to the scope change from a low-privileged WordPress role to full server compromise. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.