CVE-2025-30996
Gravedad CVSS v3.1:
CRÍTICA
Tipo:
CWE-434
Subida sin restricciones de ficheros de tipos peligrosos
Fecha de publicación:
06/01/2026
Última modificación:
06/01/2026
Descripción
*** Pendiente de traducción *** Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.
Impacto
Puntuación base 3.x
9.90
Gravedad 3.x
CRÍTICA
Referencias a soluciones, herramientas e información
- https://patchstack.com/database/wordpress/theme/bloggie/vulnerability/wordpress-bloggie-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/edmin/vulnerability/wordpress-themify-edmin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/folo/vulnerability/wordpress-themify-folo-1-9-6-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/newsy/vulnerability/wordpress-themify-newsy-1-9-9-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/photobox/vulnerability/wordpress-photobox-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/rezo/vulnerability/wordpress-rezo-1-9-7-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/sidepane/vulnerability/wordpress-themify-sidepane-wordpress-theme-1-9-8-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/slide/vulnerability/wordpress-slide-1-7-5-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/wigi/vulnerability/wordpress-wigi-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve