What is the CVSS score of CVE-2025-62050?

CVE-2025-62050 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of PHP are affected by CVE-2025-62050?

A critical file upload vulnerability (CVE-2025-62050, CVSS 9.9) affects Blogmatic versions up to 1.0.3, allowing attackers to upload and execute malicious files on affected systems.

How to fix or mitigate CVE-2025-62050?

Within 24 hours: Identify all instances of Blogmatic <= 1.0.3 in your environment and isolate affected systems from production networks if possible; disable the upload functionality if the platform supports it. Within 7 days: Implement Web Application Firewall (WAF) rules to restrict file uploads by type and size; enforce strict file validation on uploads; monitor upload directories for suspicious activity. Within 30 days: Plan for emergency patching as soon as vendor releases a fix; evaluate alternative blogging platforms; conduct forensic analysis of upload directories and access logs for evidence of exploitation.

PHP CVE-2025-62050

CRITICAL

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-01-22 audit@patchstack.com

PHP WordPress RCE Remote Code Execution

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 22, 2026 - 17:15 nvd

CRITICAL 9.9

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic.This issue affects Blogmatic: from n/a through <= 1.0.3.

AnalysisAI

Blogmatic WordPress theme by blazethemes has an unrestricted file upload vulnerability allowing attackers to upload web shells for persistent server access.

Technical ContextAI

The Blogmatic theme has a CWE-434 unrestricted upload vulnerability that accepts dangerous file types without validation, allowing PHP file uploads that can be executed as web shells.

Affected ProductsAI

blazethemes Blogmatic WordPress theme

RemediationAI

Update the theme. Implement upload file type validation. Restrict PHP execution in upload directories.

More from same product – last 7 days

CVE-2026-7862 HIGH This Week POC

8.6 May 28

Unauthenticated refund abuse in the Eupago Gateway for WooCommerce WordPress plugin before 4.7.2 lets remote attackers t

CVE-2026-6960 CRITICAL Act Now

9.8 May 21

Unauthenticated arbitrary file upload in the BookingPress Pro WordPress plugin (versions ≤5.6) enables remote code execu

CVE-2026-8760 CRITICAL Act Now

9.8 May 27

Authentication bypass in the Login with OTP plugin for WordPress (all versions up to and including 1.6) lets unauthentic

CVE-2026-42727 CRITICAL Act Now

9.3 May 27

Blind SQL injection in the RealMag777 'Active Products Tables for WooCommerce' WordPress plugin (versions up to and incl

CVE-2026-42761 CRITICAL Act Now

9.3 May 27

Blind SQL injection in the RealMag777 "Active Products Tables for WooCommerce" WordPress plugin (all versions up to and

CVE-2025-62050 vulnerability details – vuln.today

Back

PHP CVE-2025-62050

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code