Skip to main content

Ecommerce Zone

1 CVEs product

Monthly

CVE-2026-40747 CRITICAL Act Now

Arbitrary file upload in the Ecommerce Zone WordPress theme (versions <= 0.9.7) allows authenticated low-privileged users (Subscriber role) to upload files of attacker-chosen types, resulting in a CVSS 9.9 critical scoring with scope change. No public exploit identified at time of analysis, and the issue was reported by Patchstack via their WordPress vulnerability database. Successful exploitation typically leads to remote code execution on the underlying web server.

File Upload Ecommerce Zone
NVD
CVSS 3.1
9.9
EPSS
0.4%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Arbitrary file upload in the Ecommerce Zone WordPress theme (versions <= 0.9.7) allows authenticated low-privileged users (Subscriber role) to upload files of attacker-chosen types, resulting in a CVSS 9.9 critical scoring with scope change. No public exploit identified at time of analysis, and the issue was reported by Patchstack via their WordPress vulnerability database. Successful exploitation typically leads to remote code execution on the underlying web server.

File Upload Ecommerce Zone
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy