CVE-2026-40750
Deferred Deferred - Pending Action

Unrestricted File Upload in Kids Online Store

Vulnerability report for CVE-2026-40750, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Patchstack

Description

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack kids_online_store From 0.0.0 (inc) to 0.8.9 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in the Kids Online Store WordPress theme (version 0.8.9 and below) is an Arbitrary File Upload issue. It allows attackers to upload dangerous files, such as web shells or backdoors, to a web server. This means an attacker can gain unauthorized access to the website by exploiting this flaw.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to your website by attackers. They could upload malicious files that act as backdoors, allowing them to control or manipulate your site. The vulnerability has a very high severity score of 9.9, indicating it can lead to complete compromise of confidentiality, integrity, and availability of the affected system.

Mitigation Strategies

Immediate action is recommended to mitigate this vulnerability.

  • Update the Kids Online Store theme to version 0.9.0 or later to resolve the issue.
  • Apply the mitigation rule provided by Patchstack to block attacks until the update is applied.
Compliance Impact

The vulnerability allows attackers to upload malicious files such as web shells, potentially leading to unauthorized access to the web server and sensitive data.

Such unauthorized access and potential data breaches could result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information.

Therefore, exploitation of this vulnerability could lead to violations of data protection requirements, risking legal and regulatory consequences.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40750. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart