What is the CVSS score of CVE-2025-62056?

CVE-2025-62056 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of PHP are affected by CVE-2025-62056?

A critical file upload vulnerability in the News Event plugin (versions ≤1.0.1) allows attackers to upload malicious files without restriction, potentially enabling complete system compromise.

How to fix or mitigate CVE-2025-62056?

Within 24 hours: Immediately disable the News Event plugin and audit all uploaded files for suspicious content. Within 7 days: Contact blazethemes for patch availability and timeline; if unavailable, evaluate alternative plugins or request vendor security update commitment. Within 30 days: Implement replacement solution, restore plugin only after verified patch deployment, and conduct security assessment of affected systems.

PHP CVE-2025-62056

CRITICAL

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-01-22 audit@patchstack.com

PHP WordPress RCE Remote Code Execution

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 22, 2026 - 17:15 nvd

CRITICAL 9.9

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event.This issue affects News Event: from n/a through <= 1.0.1.

AnalysisAI

News Event WordPress theme by blazethemes has an unrestricted file upload allowing web shell deployment and remote code execution.

Technical ContextAI

The News Event theme by blazethemes has a CWE-434 unrestricted file upload vulnerability identical in nature to the Blogmatic theme vulnerability (CVE-2025-62050).