Unrestricted File Upload Vulnerability in WPify WPify Woo Czech Plugin
CVE-2026-42748

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: WPify Woo Czech
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42748?

The WPify Woo Czech plugin has a vulnerability that allows attackers to upload files of dangerous types, potentially enabling the execution of malicious scripts on the web server. This flaw affects versions up to 5.4.1, where an unauthorized user can exploit the unrestricted file upload feature to gain control over the server through web shells, leading to severe security risks. It's crucial for users to update to the latest version to mitigate this vulnerability.

Affected Version(s)

WPify Woo Czech 0 <= 5.4.1

References

https://patchstack.com/database/Wordpress/Plugin/wpify-wo...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

kai63001 | Patchstack Bug Bounty Program

CVE-2026-42748 Data

JSON

WordPress

What is CVE-2026-42748?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit