Skip to main content

Kids Gift Shop

1 CVEs product

Monthly

CVE-2026-40748 CRITICAL Act Now

Arbitrary file upload in the Kids Gift Shop WordPress theme (versions 0.5.4 and earlier) allows authenticated users with Subscriber-level privileges to upload arbitrary files to the server. The CVSS 3.1 score of 9.9 with scope change reflects the potential for remote code execution leading to full site compromise, and no public exploit identified at time of analysis.

File Upload Kids Gift Shop
NVD
CVSS 3.1
9.9
EPSS
0.4%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Arbitrary file upload in the Kids Gift Shop WordPress theme (versions 0.5.4 and earlier) allows authenticated users with Subscriber-level privileges to upload arbitrary files to the server. The CVSS 3.1 score of 9.9 with scope change reflects the potential for remote code execution leading to full site compromise, and no public exploit identified at time of analysis.

File Upload Kids Gift Shop
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy