Impact
The vulnerability allows an attacker to upload arbitrary files to the Restaurant Zone theme up to version 0.7.8. This flaw, classified as CWE‑434, can permit the execution of malicious code on the WordPress site, potentially compromising the entire server. The impact extends to confidentiality, integrity, and availability of the affected infrastructure if successful exploitation occurs.
Affected Systems
The issue affects installations of the Restaurant Zone theme developed by themagnifico52 for WordPress where the version is 0.7.8 or lower. Updating to 0.7.9 or later removes the upload functionality flaw. No other products or versions are listed as affected.
Risk and Exploitability
The CVSS score of 9.9 indicates an extremely high severity, and the vulnerability is not currently listed in the CISA KEV catalog. Because the EPSS score is not available, the exact exploitation probability cannot be determined, but the flaw is actionable for any user who can reach the upload interface. The attack vector is likely a web-based file upload by a subscriber or potentially unauthenticated user, depending on site configuration. Given the nature of the flaw, if the uploaded file is executable code, an attacker can run arbitrary commands on the server, leading to full site compromise.
OpenCVE Enrichment