Skip to main content

Kids Online Store

1 CVEs product

Monthly

CVE-2026-40750 CRITICAL Act Now

Arbitrary file upload in the Kids Online Store WordPress theme (versions up to and including 0.8.9) by themagnifico52 allows authenticated attackers to upload web shells and achieve remote code execution on the underlying server. The flaw is reported by Patchstack and carries a CVSS 3.1 score of 9.9 due to the scope-changing impact on the WordPress host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

File Upload Kids Online Store
NVD VulDB
CVSS 3.1
9.9
EPSS
0.3%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Arbitrary file upload in the Kids Online Store WordPress theme (versions up to and including 0.8.9) by themagnifico52 allows authenticated attackers to upload web shells and achieve remote code execution on the underlying server. The flaw is reported by Patchstack and carries a CVSS 3.1 score of 9.9 due to the scope-changing impact on the WordPress host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

File Upload Kids Online Store
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy