Impact
The vulnerability is an arbitrary file upload flaw that allows a subscriber-level user to upload files via the Grip theme. By uploading a malicious PHP payload and triggering plugin activation or deactivation, the attacker can execute code on the affected WordPress site. The issue is classified under CWE‑434, indicating an insecure file upload weakness that can lead to full system compromise.
Affected Systems
The attack affects the Zidithemes Grip theme, versions 1.0.9 and earlier.
Risk and Exploitability
The vulnerability receives a CVSS score of 9.9, indicating critical severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote; an attacker needs authenticated access as a subscriber to trigger the upload and plugin management operations, after which arbitrary code execution is possible.
OpenCVE Enrichment