CVE-2026-1555

Source
https://cve.org/CVERecord?id=CVE-2026-1555
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1555.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1555
Published
2026-04-15T03:37:20.474Z
Modified
2026-07-08T07:59:50.433409424Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
Details

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/1xxx/CVE-2026-1555.json",
    "cna_assigner": "Wordfence",
    "cwe_ids": [
        "CWE-434"
    ]
}
References

Affected packages

Git / github.com/owen0o0/webstack

Affected ranges

Type
GIT
Repo
https://github.com/owen0o0/webstack
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2024"
        }
    ]
}

Affected versions

1.*
1.0
1.0906
1.1024
1.1026
1.1029
1.1117
1.1121
1.1125
1.1202
1.1208
1.1208.1
1.1217
1.1229
1.1315
1.1422
1.15.97
1.1522
1.1620
1.1725
1.1820
1.1821
1.1822
1.1824
1.2024

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1555.json"