Theme Egg ThemeEgg ToolKit CVE-2025-28915
CRITICALSeverity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit allows Upload a Web Shell to a Web Server. This issue affects ThemeEgg ToolKit: from n/a through 1.2.9.
AnalysisAI
ThemeEgg ToolKit plugin for WordPress (through 1.2.9) allows authenticated administrators to upload web shells via unrestricted file upload. The scope change makes this critical despite requiring admin privileges, as it enables OS-level code execution beyond the WordPress application.
Technical ContextAI
The plugin does not validate uploaded file types (CWE-434), allowing an authenticated administrator to upload a PHP web shell. While admin access is required, the scope change (S:C) indicates the attacker breaks out of the WordPress application to execute arbitrary OS commands.
Affected ProductsAI
ThemeEgg ToolKit for WordPress through 1.2.9
RemediationAI
Remove or update ThemeEgg ToolKit. Enforce MFA for WordPress admin accounts. Implement file upload validation at the server level. Monitor for new PHP files in upload directories.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today