WebStack theme for WordPress all versions <= 1.2024
Summary
This vulnerability occurs due to missing file type validation in the io_img_upload() function of the WebStack WordPress theme. It allows unauthenticated attackers to upload arbitrary files to the affected site's server, enabling full remote code execution. All versions up to and including 1.2024 are impacted by this flaw.
Remediation
Update the WebStack theme to a patched version if one is available. If no patch has been released, remove the theme from your WordPress installation immediately. Audit your server for existing malicious files and unauthorized activity after remediation.
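A starting point for the audit step, as an added example that is not part of the advisory or the theme's code: it lists files under an upload directory that a PHP-enabled server could execute, or that carry PHP behind an image extension. The wp-content/uploads path is an assumption (the WordPress default), since the advisory does not say where io_img_upload() writes; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumed path: wp-content/uploads.
# audit_uploads DIR prints "REASON<TAB>PATH" for each file worth reviewing.

tag() { awk -v r="$1" '{ print r "\t" $0 }'; }

audit_uploads() {
    dir=$1
    {
        # Names a PHP-enabled server may execute, including double extensions
        # such as x.php.jpg, plus .htaccess, which can remap handlers.
        find "$dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.pht' \
            -o -iname '*.php.*' -o -name '.htaccess' \) -print | tag exec-name
        # Image-named files whose bytes contain a PHP open tag.
        find "$dir" -type f \( -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \
            -o -iname '*.gif' -o -iname '*.ico' -o -iname '*.webp' \) \
            -exec grep -laiF '<?php' {} + | tag php-in-image
    } | sort
}

# Constructed sample tree so the check can be run offline.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/2024/05"
    printf 'GIF89a<?php /* constructed */ ?>' > "$t/2024/05/logo.gif"
    printf '<?php /* constructed */ ?>'       > "$t/2024/05/up.PhP"
    printf '\211PNG constructed bytes'        > "$t/2024/05/ok.png"
    audit_uploads "$t"
    rm -rf "$t"
}

# Usage: sh audit.sh /var/www/html/wp-content/uploads   (no argument runs demo)
if [ "$#" -gt 0 ]; then audit_uploads "$1"; else demo; fi
```

Hits are leads for review, not verdicts: compare each file's modification time with the web server access log before deleting anything.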