Restaurant Zone
Monthly
Arbitrary file upload in the Restaurant Zone WordPress theme through version 0.7.8 allows authenticated attackers with only Subscriber-level privileges to upload arbitrary files to the underlying server, leading to remote code execution and full site compromise. The CVSS 3.1 score of 9.9 reflects the scope-changing impact achievable from a minimally privileged account; no public exploit is identified at time of analysis and the issue is not currently listed in CISA KEV.
Arbitrary file upload in the Restaurant Zone WordPress theme through version 0.7.8 allows authenticated attackers with only Subscriber-level privileges to upload arbitrary files to the underlying server, leading to remote code execution and full site compromise. The CVSS 3.1 score of 9.9 reflects the scope-changing impact achievable from a minimally privileged account; no public exploit is identified at time of analysis and the issue is not currently listed in CISA KEV.