CVE-2026-40746
Status: Deferred - Pending Action
Subscriber Arbitrary File Upload in Restaurant Zone

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Subscriber Arbitrary File Upload in Restaurant Zone, versions <= 0.7.8.
Affected Vendors & Products
Showing 2 associated CPEs

Vendor           Product                            Version / Range
restaurant_zone  subscriber_arbitrary_file_upload   to 0.7.8 (inc)
patchstack       restaurant_zone_theme              to 0.7.9 (exc)

CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Executive Summary

The WordPress Restaurant Zone Theme, versions 0.7.8 and below, contains an Arbitrary File Upload vulnerability. This flaw allows attackers with Subscriber-level privileges to upload malicious files, such as backdoors, to the affected websites. Exploiting this vulnerability can lead to unauthorized access and control over the compromised site.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to your website through uploaded malicious files. Attackers can use these files to execute further attacks, maintain persistent access, and potentially compromise sensitive data. The high CVSS score of 9.9 reflects the critical risk and potential damage from exploitation.

Mitigation Strategies

Immediate action is recommended to mitigate the Arbitrary File Upload vulnerability in the WordPress Restaurant Zone Theme versions 0.7.8 and below.

  • Update the theme to version 0.7.9 or later.
  • Apply the mitigation rule provided by Patchstack to block attacks until the update is applied.
Compliance Impact

The vulnerability allows attackers to upload arbitrary malicious files, including backdoors, potentially leading to unauthorized access to websites. Such unauthorized access and potential data breaches could impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.

Because the vulnerability can lead to high confidentiality, integrity, and availability impacts (as indicated by the CVSS score), organizations using the affected theme should consider the risk of non-compliance due to possible data exposure or system compromise.

Immediate remediation by updating to version 0.7.9 or later is recommended to mitigate these risks and help maintain compliance.

Detection Guidance

This vulnerability involves an Arbitrary File Upload issue in the WordPress Restaurant Zone Theme versions 0.7.8 and below. Detection typically involves monitoring for suspicious file upload activity, especially from users with Subscriber-level privileges.

Since the vulnerability allows attackers to upload malicious files such as backdoors, you can scan your web server directories for recently added or modified files that are unusual or contain suspicious code.

Network detection can include monitoring HTTP POST requests to the theme's upload endpoints for unusual payloads or file types.

  • Use web server logs to identify POST requests from Subscriber-level accounts attempting file uploads.
  • Find recently modified or added files in your WordPress installation, for example:
      find /path/to/wordpress/wp-content/themes/restaurant-zone/ -type f -mtime -7
  • Use grep to search for suspicious PHP code patterns (e.g., eval, base64_decode) in theme directories:
      grep -r --include='*.php' 'eval\|base64_decode' /path/to/wordpress/wp-content/themes/restaurant-zone/

Additionally, applying the mitigation rule provided by Patchstack can help block exploitation attempts until the theme is updated.
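
The two checks above (recent modification time and suspicious PHP content) combined into one triage pass, as an added example that is not Patchstack's or the theme's code. It also flags files that carry PHP under a non-PHP extension, which the find and grep one-liners miss. The function name, the tags and the extension list are assumptions, and the directory is an argument because the page does not say where the theme stores uploaded files.

```sh
#!/bin/sh
# Added example: list recently modified files under DIR that the PHP
# handler could execute.
# Usage: scan_uploads DIR [DAYS]   -> prints "<tag><TAB><path>" per finding
#   php           PHP-style extension
#   php+call      PHP-style extension and an eval()/base64_decode() call
#   embedded-php  other extension, but the content carries a PHP open tag

# The two indicators the page greps for, matched as call sites.
CALL_RE='(eval|base64_decode)[[:space:]]*\('
export CALL_RE

scan_uploads() {
    dir=$1
    days=${2:-7}

    # Pass 1: extensions commonly mapped to PHP (assumed list; align it
    # with the web server's handler configuration).
    find "$dir" -type f -mtime "-$days" \
        \( -iname '*.php' -o -iname '*.php[0-9]' \
           -o -iname '*.phtml' -o -iname '*.phar' \) \
        -exec sh -c '
            for f in "$@"; do
                if grep -qE "$CALL_RE" "$f"; then tag=php+call; else tag=php; fi
                printf "%s\t%s\n" "$tag" "$f"
            done' sh {} +

    # Pass 2: everything else, e.g. an image or text file with PHP inside.
    find "$dir" -type f -mtime "-$days" \
        ! \( -iname '*.php' -o -iname '*.php[0-9]' \
             -o -iname '*.phtml' -o -iname '*.phar' \) \
        -exec grep -lE '<\?(php|=)' {} + |
        awk '{ print "embedded-php\t" $0 }'
}

# Run directly: sh scan.sh /path/to/wordpress/wp-content/uploads 7
if [ "$#" -gt 0 ]; then scan_uploads "$@"; fi
```

Right after a legitimate theme update every theme file is recent, so the `php` tag alone is only a starting point there; in a media or upload directory any hit deserves a look.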
