Ecommerce Zone
Monthly
Arbitrary file upload in the Ecommerce Zone WordPress theme (versions <= 0.9.7) allows authenticated low-privileged users (Subscriber role) to upload files of attacker-chosen types, resulting in a CVSS 9.9 critical scoring with scope change. No public exploit identified at time of analysis, and the issue was reported by Patchstack via their WordPress vulnerability database. Successful exploitation typically leads to remote code execution on the underlying web server.
Arbitrary file upload in the Ecommerce Zone WordPress theme (versions <= 0.9.7) allows authenticated low-privileged users (Subscriber role) to upload files of attacker-chosen types, resulting in a CVSS 9.9 critical scoring with scope change. No public exploit identified at time of analysis, and the issue was reported by Patchstack via their WordPress vulnerability database. Successful exploitation typically leads to remote code execution on the underlying web server.