CVE-2026-40750NVD

Vulnerability Summary

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server.

This issue affects Kids Online Store: from n/a through 0.8.9.

Severity Level

CRITICAL(9.9)

Published Date

Jun 16, 2026

Last Modified

Jun 16, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-434: Unrestricted File Upload ↗

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://patchstack.com/database/wordpress/theme/kids-online-store/vulnerability/wordpress-kids-online-store-theme-0-8-9-arbitrary-file-upload-vulnerability?_s_id=cve