DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-6518

High

Low Medium High Critical

8.8

CVSS Score

Published: Apr 18, 2026

Last Modified: Apr 18, 2026

CWE: CWE-434

Vulnerability Description

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only checking for the `publish_pages` capability (available to Editors and above) instead of `manage_options` (Administrators only), combined with a lack of proper validation on the user-supplied file URL and no verification of the downloaded file's content before extraction. This makes it possible for authenticated attackers, with Administrator-level access and above, to force the server to download and extract a malicious ZIP file from a remote attacker-controlled URL into a web-accessible directory (`wp-content/plugins/cmp-premium-themes/`), resulting in remote code execution. Due to the lack of a nonce for Editors, they are unable to exploit this vulnerability.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

Severity Details

8.8

out of 10.0

High

Weakness Type (CWE)

CWE-434 Top 25 #5

Unrestricted Upload of File with Dangerous Type

Description: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Exploit Likelihood: Medium
Typical Severity: Medium
OWASP Top 10: A04:2021-Insecure Design
Abstraction Level: Base