LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-27540

CVE-2026-27540 - Vulnerability Analysis

CriticalCVSS: 9.0

Last Updated: March 19, 2026

Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture - Unrestricted File Upload

Published: March 19, 2026Updated: March 19, 2026KEVPoC AvailableRemote Exploitable

Overview

Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture <= 2.0.3.1 contains an unrestricted file upload vulnerability caused by insufficient validation of uploaded file types, letting attackers upload malicious files remotely, exploit requires no special privileges.

Severity & Score

Severity: Critical
CVSS Score: 9.0
EPSS Score: 1.7%(Probability of exploitation in next 30 days)

Impact

Attackers can upload malicious files, potentially leading to remote code execution or server compromise.

Mitigation

Update to the latest version beyond 2.0.3.1.

References

Social Media Activity(2 posts)

Offensive Sequence
Offensive Sequence
@offseq
Mar 19, 2026

šŸšØ CVE-2026-27540 (CVSS 9.0): Woocommerce Wholesale Lead Capture plugin lets unauthenticated attackers upload malicious files ā€” remote code execution & full compromise possible. Disable plugin, enforce file type restrictions! https://radar.offseq.com/threat/cve-2026-27540-cwe-434-unrestricted-upload-of-file-64999286 #OffSeq #WordPress #Vuln

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 19, 2026

šŸ”“ CVE-2026-27540 - Critical (9) Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-27540/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(1 repo)

Related Resources

Details

CVE ID
CVE-2026-27540
Severity
Critical
CVSS Score
9.0
Type
unrestricted_file_upload
Status
unconfirmed
EPSS
1.7%
Social Posts
2

CWE

  • CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

1.7%Probability of exploitation in the next 30 days