← voltar
CVE-2025-30996

Arbitrary File Upload Vulnerability in WordPress themes by Themify

CVSS 9.9 CRITICALEPSS 0.4%CWE-434
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 jan 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Themify · BloggieThemify · PhotoboxThemify · RezoThemify · SlideThemify · Themify EdminThemify · Themify FoloThemify · Themify NewsyThemify · Themify Sidepane WordPress ThemeThemify · Wigi

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://patchstack.com/database/wordpress/theme/bloggie/vulnerability/wordpress-bloggie-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cvehttps://patchstack.com/database/wordpress/theme/edmin/vulnerability/wordpress-themify-edmin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cvehttps://patchstack.com/database/wordpress/theme/folo/vulnerability/wordpress-themify-folo-1-9-6-arbitrary-file-upload-vulnerability?_s_id=cvehttps://patchstack.com/database/wordpress/theme/newsy/vulnerability/wordpress-themify-newsy-1-9-9-arbitrary-file-upload-vulnerability?_s_id=cvehttps://patchstack.com/database/wordpress/theme/photobox/vulnerability/wordpress-photobox-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cvehttps://patchstack.com/database/wordpress/theme/rezo/vulnerability/wordpress-rezo-1-9-7-arbitrary-file-upload-vulnerability?_s_id=cvehttps://patchstack.com/database/wordpress/theme/sidepane/vulnerability/wordpress-themify-sidepane-wordpress-theme-1-9-8-arbitrary-file-upload-vulnerability?_s_id=cvehttps://patchstack.com/database/wordpress/theme/slide/vulnerability/wordpress-slide-1-7-5-arbitrary-file-upload-vulnerability?_s_id=cvehttps://patchstack.com/database/wordpress/theme/wigi/vulnerability/wordpress-wigi-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve