CVE-2025-30996

CRITICAL 9.9 (CVSS 3.1)
Published 2026-01-06, source: [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
CVE Published: Jan 06, 2026 - 21:15 (nvd), rated CRITICAL 9.9

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server. This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.

Analysis

Multiple Themify WordPress themes (Sidepane, Newsy, Folo, Edmin, Bloggie, Photobox, Wigi, Rezo, Slide) allow authenticated users to upload web shells. Low privileges are sufficient, and the scope change reflects code execution at the operating-system level rather than only inside WordPress. Nine themes are affected simultaneously.

Technical Context

The themes share a common file upload handler that does not validate file types (CWE-434). Any authenticated WordPress user (including subscribers) can upload PHP web shells that execute with the web server's privileges. The scope change indicates OS-level access beyond WordPress.

Affected Products

Themify themes: Sidepane (<=1.9.8), Newsy (<=1.4.7), Folo (<=2.1.5), Edmin (<=1.4.7), Bloggie (<=2.2.3), Photobox (<=1.3.3), Wigi (<=1.3.8), Rezo (<=1.4.6), Slide (<=2.4.1)

Remediation

Update all affected Themify themes to their latest versions. Deny PHP execution under wp-content/uploads in the web server configuration so that an uploaded script is served as inert data rather than run. Audit the uploads directory for web shells that may already be present.
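As an added example, not part of the vuln.today record or of Themify's own code, the POSIX shell script below implements the "audit for existing web shells" step from the remediation above. It walks an uploads tree and reports three things a defender wants to know about after a CWE-434 exposure: files whose name carries a PHP-executable extension (including double extensions such as name.php.jpg), files whose content opens with a PHP tag regardless of their name, and per-directory handler overrides (.htaccess, web.config, .user.ini) that could re-enable PHP execution under uploads. The extension list and the file names in the usage note are assumptions; adjust them to the handler mapping of the server being audited.

```shell
#!/bin/sh
# Added example (not from vuln.today or Themify): audit a WordPress uploads
# directory for files that a PHP-executing web server would run.
# Assumptions: the uploads tree is the directory passed as $1 (normally
# wp-content/uploads under the WordPress root) and the web server maps the
# extensions below to its PHP handler.

# Extensions commonly mapped to PHP. Constructed list; adjust to match the
# handler configuration actually deployed.
PHP_EXTENSIONS='php php3 php4 php5 php7 php8 phtml phar phps'

# is_php_name FILE -> exit 0 if any extension after the first dot is a PHP
# extension (catches shell.php.jpg on servers that honour the first
# extension, as well as plain upload.phtml), case-insensitively.
is_php_name() {
    name=$(basename "$1" | tr 'A-Z' 'a-z')
    rest=${name#*.}
    [ "$rest" = "$name" ] && return 1   # no extension at all
    for ext in $PHP_EXTENSIONS; do
        case ".$rest." in
            *".$ext."*) return 0 ;;
        esac
    done
    return 1
}

# has_php_tag FILE -> exit 0 if the content contains a PHP open tag
# (<?php or <?=), whatever the file is called; a "jpg" that starts with
# <?php is the classic polyglot left behind by an upload filter bypass.
has_php_tag() {
    LC_ALL=C grep -q -E '<\?(php|=)' "$1" 2>/dev/null
}

# audit_uploads DIR -> prints one "REASON<TAB>PATH" line per finding.
# Nothing printed means nothing found.
audit_uploads() {
    find "$1" -type f -print | while IFS= read -r f; do
        base=$(basename "$f")
        if is_php_name "$f"; then
            printf 'php-extension\t%s\n' "$f"
        elif has_php_tag "$f"; then
            printf 'php-tag-in-content\t%s\n' "$f"
        fi
        # Handler overrides do not belong in an uploads tree at all.
        case "$base" in
            .htaccess|web.config|.user.ini)
                printf 'handler-override\t%s\n' "$f" ;;
        esac
    done
}

# Usage: sh audit_uploads.sh /var/www/html/wp-content/uploads
if [ "$#" -gt 0 ]; then
    audit_uploads "$1"
fi
```

Run it against the uploads directory and review every reported path by hand; a finding is evidence to investigate, not proof of compromise (legitimate plugins occasionally ship .htaccess files into uploads). The audit complements, rather than replaces, the server rule that denies the PHP handler under uploads: the rule stops future uploads from executing, the audit finds what was dropped before the rule was in place.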

Priority Score

50 (KEV: 0, EPSS: +0.1, CVSS: +50, POC: 0)
