PatchSiren cyber security CVE debrief
CVE-2026-40750 themagnifico52 CVE debrief
A critical vulnerability was discovered in the Kids Online Store theme, affecting versions from n/a through 0.8.9. This vulnerability, classified as CWE-434, allows for the unrestricted upload of files with dangerous types, potentially enabling attackers to upload a web shell to a web server. The vulnerability has a CVSS score of 9.9 and is considered critical.
- Vendor
- themagnifico52
- Product
- Kids Online Store
- CVSS
- CRITICAL 9.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Administrators and users of the Kids Online Store theme, particularly those using versions from n/a through 0.8.9, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by an unrestricted upload of files with dangerous types in the Kids Online Store theme. This could allow an attacker to upload a web shell to a web server, potentially leading to arbitrary code execution.
Defensive priority
High
Recommended defensive actions
- Update the Kids Online Store theme to a version that is not vulnerable.
- Restrict file uploads to only allow specific, safe file types.
- Implement additional security measures, such as web application firewalls and intrusion detection systems, to detect and prevent potential attacks.
Evidence notes
The vulnerability was reported by [email protected] and has been documented in the CVE record and NVD detail pages.
Official resources
-
CVE-2026-40750 CVE record
CVE.org
-
CVE-2026-40750 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-40750 was published on 2026-06-16T12:16:26.243Z and has not been modified since then.