CVE-2026-27043

HIGH

WordPress Photography theme <= 7.7.5 - Arbitrary File Upload vulnerability

Title source: cna

Description

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography photography allows Path Traversal.This issue affects Photography: from n/a through < 7.7.6.

References (2)

Scores

CVSS v3 7.2
EPSS 0.0002
EPSS Percentile 5.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (2)
ThemeGoods/Photography < 7.7.5
ThemeGoods/Photography < 7.7.6
Published Mar 19, 2026
Tracked Since Mar 19, 2026