Primary

Context

WordPress Appointment Theme Cross-Site Request Forgery Vulnerability Allowing Arbitrary File Upload

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Appointment theme, specifically in versions through 3.5.5. This vulnerability allows attackers to trick users with higher privileges into uploading a web shell to the server, potentially leading to unauthorized access or control.

Impact

Exploitation of this vulnerability could enable a malicious actor to upload a web shell to the server, allowing for arbitrary code execution or unauthorized access.

Remediation

Users are advised to update the Appointment theme to the latest version. If unable to update, consult with your hosting provider or web developer for assistance.

Added: Apr 8, 2026, 10:35 AM

Updated: Apr 8, 2026, 10:35 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Appointment Theme Cross-Site Request Forgery Vulnerability Allowing Arbitrary File Upload

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating