CVE-2026-40749
Deferred Deferred - Pending Action
Subscriber Arbitrary File Upload in Charity Zone

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-40749
EUVD
EUVD-2026-37601
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
charity_zone subscriber_arbitrary_file_upload 1.1.1
patchstack charity_zone_theme to 1.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can have severe impacts including unauthorized access to your website by attackers. They could upload malicious files that compromise the site's integrity, confidentiality, and availability. This could lead to data breaches, defacement, or complete takeover of the website.

Executive Summary

The WordPress Charity Zone Theme, versions 1.1.1 and below, contains an Arbitrary File Upload vulnerability. This means attackers can upload malicious files, such as backdoors, to a website using this theme. Exploiting this flaw can allow unauthorized access to the affected website.

Detection Guidance

This vulnerability involves an arbitrary file upload issue in the Charity Zone WordPress theme versions 1.1.1 and below. Detection typically involves checking for unauthorized or suspicious file uploads on the affected website.

While specific commands are not provided in the available resources, common detection methods include scanning the web server directories for recently added or modified files, especially PHP or other executable files that were not part of the original theme.

Network detection might involve monitoring HTTP requests for suspicious POST requests that attempt to upload files to the server.

Mitigation Strategies

The immediate recommended step is to update the Charity Zone WordPress theme to version 1.1.2 or later, which contains the fix for this arbitrary file upload vulnerability.

Until the update can be applied, it is advised to implement the mitigation rule provided by Patchstack to block attacks exploiting this vulnerability.

Compliance Impact

The vulnerability allows attackers to upload arbitrary malicious files, including backdoors, potentially leading to unauthorized access to websites. Such unauthorized access could result in exposure or compromise of sensitive personal or health data, which may impact compliance with regulations like GDPR and HIPAA that require protection of personal and health information.

Because the vulnerability has a high severity score (9.9) and can be exploited remotely without user interaction, it poses a significant risk to data confidentiality, integrity, and availability, all of which are critical factors in regulatory compliance.

Therefore, failure to promptly patch or mitigate this vulnerability could lead to non-compliance with data protection standards that mandate safeguarding against unauthorized access and data breaches.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40749. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart