A vulnerability, which was classified as critical , was found in themagnifico52 Kids Gift Shop Plugin up to 0.5.4 on WordPress. This affects an unknown part. Such manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2026-40748 . The attack can be launched remotely. No exploit exists.