CVE-2026-24960
Received Received - Intake
Unrestricted File Upload in Charety ≀ 2.0.2 Enables Malicious Files

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files.This issue affects Charety: from n/a through < 2.0.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24960
EUVD
EUVD-2026-9601
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zozothemes charety to 2.0.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24960 is a high-priority Arbitrary File Upload vulnerability affecting the WordPress Charety Theme versions prior to 2.0.2.

This vulnerability allows a malicious actor to upload any type of file, including dangerous files such as backdoors, to the affected website.

It is classified under OWASP Top 10 A3: Injection and can be exploited by users with subscriber or developer privileges.

Impact Analysis

Exploitation of this vulnerability can lead to unauthorized execution of malicious code on your website.

Attackers can gain further access and control over the website, potentially compromising its integrity, confidentiality, and availability.

This can result in data breaches, defacement, or use of the website as a platform for further attacks.

Compliance Impact

I don't know

Detection Guidance

This vulnerability allows arbitrary file uploads, including malicious files such as backdoors, to the affected WordPress Charety Theme versions prior to 2.0.2.

Detection can involve checking for unexpected or suspicious files uploaded to the website directories, especially files with dangerous extensions or unexpected content.

Since the vulnerability requires subscriber or developer privileges to exploit, monitoring user activities and uploads for unusual behavior is also recommended.

Specific commands are not provided in the available resources, but common approaches include scanning the web server upload directories for recently added files with suspicious extensions or content, and reviewing web server logs for unusual POST requests related to file uploads.

Mitigation Strategies

The immediate mitigation step is to update the WordPress Charety Theme to version 2.0.2 or later, where the vulnerability has been patched.

Until the patch is applied, using the automatic mitigation rule provided by Patchstack can help block attacks targeting this vulnerability, offering rapid protection.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24960. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart