Description
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal. This issue affects Photography: from n/a before 7.7.6.
Published: 2026-03-19
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Upload leading to potential remote code execution
Action: Patch
AI Analysis

Impact

An attacker can exploit the Photography theme's upload feature to upload files of any type, because the feature does not properly validate them. Combined with path traversal, this unrestricted upload lets the attacker place malicious code on the server, where it can then be executed, compromising confidentiality, integrity, and availability. The weakness is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type).

Affected Systems

ThemeGoods Photography WordPress theme versions earlier than 7.7.6 are affected. Site owners using any older release of this theme are exposed to the described risk.

Risk and Exploitability

The vulnerability has a CVSS score of 7.2 (High) and an EPSS score below 1%, which indicates a low estimated probability of exploitation. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. The CVSS vector (AV:N/AC:L/PR:H/UI:N) describes a network-reachable, low-complexity attack that requires high privileges and no user interaction. The likely attack vector is the theme's web-based upload form: the attacker submits a crafted file that bypasses type checks, potentially using path traversal to place it in a location from which the web server will execute it.

Generated by OpenCVE AI on April 7, 2026 at 10:50 UTC.

Remediation

Vendor Solution

Update the WordPress Photography theme to the latest available version (at least 7.7.6).


OpenCVE Recommended Actions

  • Upgrade the Photography theme to version 7.7.6 or later.


Advisories

No advisories yet.

History

Tue, 07 Apr 2026 10:30:00 +0000


Tue, 07 Apr 2026 09:45:00 +0000

Type | Values Removed | Values Added
Description | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography photography allows Path Traversal.This issue affects Photography: from n/a through <= 7.7.5. | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a before 7.7.6.
Title | WordPress Photography theme <= 7.7.5 - Arbitrary File Upload vulnerability | WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Type | Values Removed | Values Added
Description | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a through 7.7.5. | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography photography allows Path Traversal.This issue affects Photography: from n/a through <= 7.7.5.
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Themegoods
Themegoods photography
Wordpress
Wordpress wordpress
Vendors & Products Themegoods
Themegoods photography
Wordpress
Wordpress wordpress

Thu, 19 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Description Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a through 7.7.5.
Title WordPress Photography theme <= 7.7.5 - Arbitrary File Upload vulnerability
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-07T09:10:37.740Z

Reserved: 2026-02-17T13:23:18.876Z

Link: CVE-2026-27043

Vulnrichment

Updated: 2026-03-19T15:07:49.390Z

NVD

Status: Awaiting Analysis

Published: 2026-03-19T15:16:24.083

Modified: 2026-04-07T10:16:03.797

Link: CVE-2026-27043

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:01:28Z

Weaknesses