Skip to main content

Webenvo

1 CVEs product

Monthly

CVE-2026-39589 CRITICAL Act Now

Arbitrary file upload in the Webenvo WordPress theme (versions <= 0.0.6) allows authenticated low-privilege users (Subscriber role) to upload arbitrary files, leading to remote code execution and full site compromise. The CVSS 9.9 score reflects scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

File Upload Webenvo
NVD
CVSS 3.1
9.9
EPSS
0.4%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Arbitrary file upload in the Webenvo WordPress theme (versions <= 0.0.6) allows authenticated low-privilege users (Subscriber role) to upload arbitrary files, leading to remote code execution and full site compromise. The CVSS 9.9 score reflects scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

File Upload Webenvo
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy