CVE-2025-30996 (GCVE-0-2025-30996)

Vulnerability from cvelistv5 – Published: 2026-01-06 20:56 – Updated: 2026-01-06 21:05
VLAI?
Title
Arbitrary File Upload Vulnerability in WordPress themes by Themify
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.
Severity ?
9.9 (Critical)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
Vendor Product Version
Themify Themify Sidepane WordPress Theme Affected: n/a , ≤ 1.9.8 (custom)
Create a notification for this product.
    Themify Themify Newsy Affected: n/a , ≤ 1.9.9 (custom)
Create a notification for this product.
    Themify Themify Folo Affected: n/a , ≤ 1.9.6 (custom)
Create a notification for this product.
    Themify Themify Edmin Affected: n/a , ≤ 2.0.0 (custom)
Create a notification for this product.
    Themify Bloggie Affected: n/a , ≤ 2.0.8 (custom)
Create a notification for this product.
    Themify Photobox Affected: n/a , ≤ 2.0.1 (custom)
Create a notification for this product.
    Themify Wigi Affected: n/a , ≤ 2.0.1 (custom)
Create a notification for this product.
    Themify Rezo Affected: n/a , ≤ 1.9.7 (custom)
Create a notification for this product.
    Themify Slide Affected: n/a , ≤ 1.7.5 (custom)
Create a notification for this product.
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T21:04:53.034028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T21:05:12.393Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Themify Sidepane WordPress Theme",
          "vendor": "Themify",
          "versions": [
            {
              "lessThanOrEqual": "1.9.8",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Themify Newsy",
          "vendor": "Themify",
          "versions": [
            {
              "lessThanOrEqual": "1.9.9",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Themify Folo",
          "vendor": "Themify",
          "versions": [
            {
              "lessThanOrEqual": "1.9.6",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Themify Edmin",
          "vendor": "Themify",
          "versions": [
            {
              "lessThanOrEqual": "2.0.0",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Bloggie",
          "vendor": "Themify",
          "versions": [
            {
              "lessThanOrEqual": "2.0.8",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Photobox",
          "vendor": "Themify",
          "versions": [
            {
              "lessThanOrEqual": "2.0.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Wigi",
          "vendor": "Themify",
          "versions": [
            {
              "lessThanOrEqual": "2.0.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Rezo",
          "vendor": "Themify",
          "versions": [
            {
              "lessThanOrEqual": "1.9.7",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Slide",
          "vendor": "Themify",
          "versions": [
            {
              "lessThanOrEqual": "1.7.5",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.\u003cp\u003eThis issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.\u003c/p\u003e"
            }
          ],
          "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-650",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-650 Upload a Web Shell to a Web Server"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-06T20:56:29.336Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/theme/sidepane/vulnerability/wordpress-themify-sidepane-wordpress-theme-1-9-8-arbitrary-file-upload-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/theme/newsy/vulnerability/wordpress-themify-newsy-1-9-9-arbitrary-file-upload-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/theme/folo/vulnerability/wordpress-themify-folo-1-9-6-arbitrary-file-upload-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/theme/edmin/vulnerability/wordpress-themify-edmin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/theme/bloggie/vulnerability/wordpress-bloggie-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/theme/photobox/vulnerability/wordpress-photobox-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/theme/wigi/vulnerability/wordpress-wigi-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/theme/rezo/vulnerability/wordpress-rezo-1-9-7-arbitrary-file-upload-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/theme/slide/vulnerability/wordpress-slide-1-7-5-arbitrary-file-upload-vulnerability?_s_id=cve"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Arbitrary File Upload Vulnerability in WordPress themes by Themify",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-30996",
    "datePublished": "2026-01-06T20:56:29.336Z",
    "dateReserved": "2025-03-26T09:22:48.161Z",
    "dateUpdated": "2026-01-06T21:05:12.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-30996\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2026-01-06T21:15:42.560\",\"lastModified\":\"2026-01-08T18:09:23.230\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"references\":[{\"url\":\"https://patchstack.com/database/wordpress/theme/bloggie/vulnerability/wordpress-bloggie-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/wordpress/theme/edmin/vulnerability/wordpress-themify-edmin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/wordpress/theme/folo/vulnerability/wordpress-themify-folo-1-9-6-arbitrary-file-upload-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/wordpress/theme/newsy/vulnerability/wordpress-themify-newsy-1-9-9-arbitrary-file-upload-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/wordpress/theme/photobox/vulnerability/wordpress-photobox-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/wordpress/theme/rezo/vulnerability/wordpress-rezo-1-9-7-arbitrary-file-upload-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/wordpress/theme/sidepane/vulnerability/wordpress-themify-sidepane-wordpress-theme-1-9-8-arbitrary-file-upload-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/wordpress/theme/slide/vulnerability/wordpress-slide-1-7-5-arbitrary-file-upload-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/wordpress/theme/wigi/vulnerability/wordpress-wigi-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30996\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-06T21:04:53.034028Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-06T21:05:03.159Z\"}}], \"cna\": {\"title\": \"Arbitrary File Upload Vulnerability in WordPress themes by Themify\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program\"}], \"impacts\": [{\"capecId\": \"CAPEC-650\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-650 Upload a Web Shell to a Web Server\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Themify\", \"product\": \"Themify Sidepane WordPress Theme\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.9.8\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Themify\", \"product\": \"Themify Newsy\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.9.9\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Themify\", \"product\": \"Themify Folo\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.9.6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Themify\", \"product\": \"Themify Edmin\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.0.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Themify\", \"product\": \"Bloggie\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.0.8\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Themify\", \"product\": \"Photobox\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.0.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Themify\", \"product\": \"Wigi\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.0.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Themify\", \"product\": \"Rezo\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.9.7\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Themify\", \"product\": \"Slide\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.7.5\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://patchstack.com/database/wordpress/theme/sidepane/vulnerability/wordpress-themify-sidepane-wordpress-theme-1-9-8-arbitrary-file-upload-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/wordpress/theme/newsy/vulnerability/wordpress-themify-newsy-1-9-9-arbitrary-file-upload-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/wordpress/theme/folo/vulnerability/wordpress-themify-folo-1-9-6-arbitrary-file-upload-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/wordpress/theme/edmin/vulnerability/wordpress-themify-edmin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/wordpress/theme/bloggie/vulnerability/wordpress-bloggie-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/wordpress/theme/photobox/vulnerability/wordpress-photobox-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/wordpress/theme/wigi/vulnerability/wordpress-wigi-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/wordpress/theme/rezo/vulnerability/wordpress-rezo-1-9-7-arbitrary-file-upload-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/wordpress/theme/slide/vulnerability/wordpress-slide-1-7-5-arbitrary-file-upload-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.\u003cp\u003eThis issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2026-01-06T20:56:29.336Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-30996\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-06T21:05:12.393Z\", \"dateReserved\": \"2025-03-26T09:22:48.161Z\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"datePublished\": \"2026-01-06T20:56:29.336Z\", \"assignerShortName\": \"Patchstack\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.