EIP-2026-109638

This exploit demonstrates a CSRF vulnerability in multiple Orange Themes for WordPress, allowing unauthorized file uploads via a crafted form submission. The uploaded file can be accessed in the WordPress uploads directory, potentially leading to remote code execution if a malicious file is uploaded.