PHP CVE-2025-68909
CRITICALCVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic allows Using Malicious Files.This issue affects Blogistic: from n/a through <= 1.0.5.
AnalysisAI
Blogistic WordPress theme by blazethemes has an unrestricted file upload vulnerability enabling attackers to deploy web shells for persistent server access.
Technical ContextAI
The Blogistic theme has a CWE-434 unrestricted file upload — the third blazethemes product with this same vulnerability pattern (after Blogmatic and News Event), confirming a shared vulnerable upload component across all blazethemes products.
Affected ProductsAI
blazethemes Blogistic WordPress theme
RemediationAI
Update the theme. Audit all blazethemes products for the same vulnerability.
More from same product – last 7 days
Unauthenticated refund abuse in the Eupago Gateway for WooCommerce WordPress plugin before 4.7.2 lets remote attackers t
Unauthenticated arbitrary file upload in the BookingPress Pro WordPress plugin (versions ≤5.6) enables remote code execu
Authentication bypass in the Login with OTP plugin for WordPress (all versions up to and including 1.6) lets unauthentic
Blind SQL injection in the RealMag777 'Active Products Tables for WooCommerce' WordPress plugin (versions up to and incl
Blind SQL injection in the RealMag777 "Active Products Tables for WooCommerce" WordPress plugin (all versions up to and
Share
External POC / Exploit Code
Leaving vuln.today