CVE-2026-40750
Received Received - Intake
Unrestricted File Upload in Kids Online Store

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-40750
EUVD
EUVD-2026-37065
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack kids_online_store From 0.0.0 (inc) to 0.8.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the Kids Online Store WordPress theme (version 0.8.9 and below) is an Arbitrary File Upload issue. It allows attackers to upload dangerous files, such as web shells or backdoors, to a web server. This means an attacker can gain unauthorized access to the website by exploiting this flaw.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to your website by attackers. They could upload malicious files that act as backdoors, allowing them to control or manipulate your site. The vulnerability has a very high severity score of 9.9, indicating it can lead to complete compromise of confidentiality, integrity, and availability of the affected system.

Mitigation Strategies

Immediate action is recommended to mitigate this vulnerability.

  • Update the Kids Online Store theme to version 0.9.0 or later to resolve the issue.
  • Apply the mitigation rule provided by Patchstack to block attacks until the update is applied.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40750. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart