CVE-2026-42748 is an unrestricted file upload vulnerability in the WPify Woo Czech WordPress plugin (wpify-woo) that allows attackers to upload web shells to web servers. The vulnerability affects all versions from unknown starting point through version 5.4.1 and earlier. This type of vulnerability enables attackers to gain unauthorized access and execute arbitrary code on the target server by uploading malicious files. The issue has been assigned a high criticality rating due to the potential for complete server compromise. Organizations using the affected plugin versions should update immediately or implement file upload restrictions as a temporary mitigation.