PatchSiren

CVE-2026-40749 themagnifico52 CVE debrief

A critical vulnerability (CVSS score: 9.9) was discovered in the Charity Zone WordPress theme, versions 1.1.1 and below. The vulnerability allows subscribers to upload arbitrary files, potentially leading to severe consequences. This issue was made public on June 17, 2026. Users of the affected theme should take immediate action to mitigate the risk.

Vendor: themagnifico52
Product: Charity Zone
CVSS: CRITICAL 9.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of the Charity Zone WordPress theme, versions 1.1.1 and below, should be aware of this critical vulnerability and take the necessary action to secure their installations.

Technical summary

CVE-2026-40749 is a critical issue in the Charity Zone WordPress theme that allows subscribers to upload arbitrary files. This could potentially lead to code execution, data breaches, or other malicious activities. The vulnerability has a CVSS score of 9.9, which is in the critical severity range. Affected versions are 1.1.1 and below.

Defensive priority

high

Recommended defensive actions

  • Update the Charity Zone WordPress theme to the latest version, if available.
  • Restrict file upload capabilities for subscribers.
  • Implement additional security measures, such as web application firewalls (WAFs) and intrusion detection systems (IDS).
  • Monitor website activity for suspicious file uploads.
  • Consider using a security plugin or service to detect and prevent arbitrary file uploads.
  • Review and update user roles and permissions to prevent unauthorized file uploads.
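
One way to carry out the monitoring step above, as an added example that is not part of the original advisory: it walks an uploads directory and flags files a web server might execute as PHP. The default path `wp-content/uploads`, the extension list and the function name `scan_uploads` are assumptions; the advisory does not say where the theme stores uploaded files.

```python
import os
import re
import sys

# Assumption: extensions commonly mapped to the PHP handler; adjust to your server config.
EXEC_EXT = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht"}
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)


def scan_uploads(root, head_bytes=65536):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            lower = name.lower()
            if lower == ".htaccess":
                # A per-directory override can change which files get executed.
                findings.append((rel, "htaccess in uploads"))
                continue
            # Check every extension, so double extensions like a.php.jpg are caught.
            exts = {"." + part for part in lower.split(".")[1:]}
            if exts & EXEC_EXT:
                findings.append((rel, "executable extension"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            # Heuristic: PHP source inside a file named as an image or document.
            if PHP_TAG.search(head):
                findings.append((rel, "PHP open tag in non-PHP file"))
    return sorted(findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/uploads"
    for rel, reason in scan_uploads(root):
        print(f"{reason}\t{rel}")
```

Run it on a schedule and compare the output with the previous run; any new finding in the uploads tree warrants review.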

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record was published on June 17, 2026, and the vulnerability has a CVSS score of 9.9.
