Skip to main content

Restaurant Zone

1 CVEs product

Monthly

CVE-2026-40746 CRITICAL Act Now

Arbitrary file upload in the Restaurant Zone WordPress theme through version 0.7.8 allows authenticated attackers with only Subscriber-level privileges to upload arbitrary files to the underlying server, leading to remote code execution and full site compromise. The CVSS 3.1 score of 9.9 reflects the scope-changing impact achievable from a minimally privileged account; no public exploit is identified at time of analysis and the issue is not currently listed in CISA KEV.

File Upload Restaurant Zone
NVD
CVSS 3.1
9.9
EPSS
0.4%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Arbitrary file upload in the Restaurant Zone WordPress theme through version 0.7.8 allows authenticated attackers with only Subscriber-level privileges to upload arbitrary files to the underlying server, leading to remote code execution and full site compromise. The CVSS 3.1 score of 9.9 reflects the scope-changing impact achievable from a minimally privileged account; no public exploit is identified at time of analysis and the issue is not currently listed in CISA KEV.

File Upload Restaurant Zone
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy