Webstack

1 CVEs product

CVE-2026-1555 CRITICAL Act Now

Unrestricted file upload in the WebStack WordPress theme allows unauthenticated remote code execution. The io_img_upload() function in all versions through 1.2024 lacks file type validation, enabling unauthenticated attackers to upload malicious files (e.g., PHP shells) directly to the server. No public exploit was identified at time of analysis, but the EPSS score and attack complexity (CVSS AC:L) indicate straightforward exploitation. The critical severity (CVSS 9.8) is warranted by the potential for complete system compromise with no authentication barrier.

Tags: WordPress, RCE, File Upload, Webstack
Sources: NVD, GitHub, VulDB
CVSS 3.1: 9.8
EPSS: 0.1%