CVE-2025-30996

9.9 CRITICAL

📋 TL;DR

Arbitrary file upload in several Themify WordPress themes: an attacker can place a PHP web shell on the site and then request it, which gives code execution as the web server user and, from there, full site compromise and often compromise of the underlying host. Every WordPress site running one of the listed themes at or below the listed version is affected, regardless of configuration.

💻 Affected Systems

Products and last affected version (all versions up to and including the one listed):
  • Themify Sidepane 1.9.8
  • Themify Newsy 1.9.9
  • Themify Folo 1.9.6
  • Themify Edmin 2.0.0
  • Themify Bloggie 2.0.8
  • Themify Photobox 2.0.1
  • Themify Wigi 2.0.1
  • Themify Rezo 1.9.7
  • Themify Slide 1.7.5
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected themes are vulnerable. No special configuration required for exploitation.

⚠️ Manual Verification Required

The structured version data (CPE ranges) that automatic matching relies on is not populated for this CVE, so the scanner cannot tell whether your system is affected. The per-theme version list above is what to check against by hand.

Why? The CVE database entry carries no machine-readable version ranges from the vendor or NVD, only the affected versions quoted in the advisory text.


Recommended Actions:
  1. Review the CVE details at NVD, including the CVSS vector string
  2. Check the vendor's release notes for the exact fixed version of each theme you run
  3. If you need to confirm exploitability, do it on a staging copy, never on the production site
  4. Update every affected theme (parent themes included) to the latest version; for a critical file upload bug, update first and investigate afterwards

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server takeover, with the attacker gaining full administrative access, exfiltrating data, deploying ransomware, and using the host as a platform for further attacks.

🟠 Likely Case: Web shell upload leading to website defacement, data theft, malware or SEO-spam distribution, and a persistent backdoor.

🟢 If Mitigated: The upload is blocked at the web application firewall, or the uploaded file lands in a directory where PHP execution is denied, so it is never run.

🌐 Internet-Facing: HIGH - WordPress themes are typically internet-facing and this vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Internal WordPress installations could still be compromised if accessible to internal attackers.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward: the attacker sends a multipart POST carrying a PHP file to the theme's upload handler and then requests the stored file. Public proof-of-concept code is recorded in vulnerability databases. One caveat on the "unauthenticated" flag: a CVSS 3.1 score of 9.9 rather than 10.0 is what a changed-scope vector with PR:L produces (a low-privilege account such as a subscriber), whereas PR:N would score 10.0. Check the vector string on the NVD entry before assuming the endpoint is reachable anonymously, and treat any site with open user registration as effectively unauthenticated either way.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: For each theme, any release newer than the last affected version listed above (for example, Sidepane later than 1.9.8, Slide later than 1.7.5)

Vendor Advisory: https://themify.me/

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Appearance > Themes.
  3. Check for updates for the affected Themify themes.
  4. Update all affected themes, including parent themes: if a child theme is active, the parent theme's code is still loaded, so updating or replacing the child alone does not fix anything.
  5. Verify the update completed by comparing the installed version against the list above, then check wp-content/uploads for stray PHP files in case the site was already hit.

🔧 Temporary Workarounds

Disable affected themes (any platform)

Temporarily switch the active theme to a default WordPress theme until the update can be applied:

    wp theme activate twentytwentyfour

Add --allow-root only if you genuinely run wp-cli as root; running it as the web server user is the safer default. Two caveats: an inactive theme's functions.php is no longer loaded, but any PHP file under wp-content/themes/<theme>/ that does not guard against direct access can still be requested by URL, so unless you have confirmed the vulnerable handler is only reachable through the active theme, remove the theme directories as well (back them up, then `wp theme delete <slug>`). And if a Themify child theme is active, its vulnerable parent is still loaded, so switch away from the child too.

Restrict PHP execution in the uploads directory (Apache)

Deny requests for PHP-like files anywhere under wp-content/uploads, so an uploaded shell cannot be executed even if it lands there. Add to wp-content/uploads/.htaccess (Apache 2.4 syntax; the older `deny from all` form only works with mod_access_compat loaded):

    <FilesMatch "\.(php|php[0-9]|phtml|phar)$">
        Require all denied
    </FilesMatch>

This needs AllowOverride enabled for that directory; on nginx, add an equivalent location rule that returns 403 for those extensions under /wp-content/uploads/. It limits but does not eliminate the attack: it does nothing if the upload lands outside the uploads tree, and if the attacker can upload a .htaccess of their own into a directory where overrides are honoured they can re-enable execution, so pair it with the theme update rather than relying on it.

🧯 If You Can't Patch

  • Immediately switch away from and remove all affected Themify themes (parent and child) and use a maintained alternative
  • Add web application firewall rules that reject multipart POSTs carrying PHP-like filenames (.php, .phtml, .phar, .php7, and double-extension variants such as shell.php.jpg) to paths under /wp-content/themes/, and deny execution of PHP under /wp-content/uploads/

🔍 How to Verify

Check if Vulnerable:

List installed themes and versions in Appearance > Themes, or from the command line:

    wp theme list --fields=name,version,status

A site is affected if any theme in the list above is installed at or below its last affected version. Check inactive themes too, since their files remain on disk, and check themes with status "parent" (the parent of the active child theme), since that code is loaded on every request.

Verify Fix Applied:

Confirm every listed theme is at a version newer than its last affected version, confirm that requesting a PHP file under /wp-content/uploads/ returns 403 if you applied the .htaccess workaround, and search wp-content/uploads for any PHP files that were dropped before the fix.
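An added example (not from this page or from Themify) that turns the version list above into a check you can run against the JSON that `wp theme list --format=json` prints. The theme slugs used as dictionary keys are assumed to equal the theme directory names wp-cli reports as `name`; confirm them against your own `wp theme list` output and adjust. The sample JSON is constructed for the example.

```python
import json
import re

# Last affected version per theme, taken from the advisory list on this page.
# The slug keys are ASSUMED to be wp-cli's `name` (theme directory) values;
# adjust them to match `wp theme list` on the site being checked.
LAST_AFFECTED = {
    "sidepane": "1.9.8",
    "newsy": "1.9.9",
    "folo": "1.9.6",
    "edmin": "2.0.0",
    "bloggie": "2.0.8",
    "photobox": "2.0.1",
    "wigi": "2.0.1",
    "rezo": "1.9.7",
    "slide": "1.7.5",
}


def version_key(version):
    """Turn '1.9.8' into (1, 9, 8) so versions compare numerically, not as strings.

    Only the leading digits of each dotted component are used, and short versions
    are padded with zeros, so '2.0' compares equal to '2.0.0'.
    """
    parts = []
    for component in version.split("."):
        m = re.match(r"\d+", component)
        parts.append(int(m.group(0)) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(slug, version):
    """True if this theme/version pair is at or below the last affected version."""
    last = LAST_AFFECTED.get(slug.lower())
    if last is None:
        return False
    return version_key(version) <= version_key(last)


def check_site(wp_theme_list_json):
    """Evaluate the output of `wp theme list --format=json`.

    Returns one finding per affected theme. Inactive themes are reported too,
    because their files stay on disk, and a 'parent' status means the theme is
    loaded on every request even though a child theme is the active one.
    """
    findings = []
    for theme in json.loads(wp_theme_list_json):
        slug = theme["name"]
        version = theme["version"]
        if is_vulnerable(slug, version):
            findings.append({
                "theme": slug,
                "version": version,
                "status": theme.get("status", ""),
                "fix": "update to a version newer than " + LAST_AFFECTED[slug.lower()],
            })
    return findings


# Constructed sample of `wp theme list --format=json` output (hypothetical site).
SAMPLE_WP_THEME_LIST = json.dumps([
    {"name": "sidepane", "status": "active", "version": "1.9.8"},
    {"name": "twentytwentyfour", "status": "inactive", "version": "1.2"},
    {"name": "edmin", "status": "inactive", "version": "2.0.1"},
    {"name": "bloggie", "status": "parent", "version": "2.0.3"},
])

if __name__ == "__main__":
    for finding in check_site(SAMPLE_WP_THEME_LIST):
        print(finding)
```

On a real site pipe the command output straight in: `wp theme list --format=json | python3 check_themify.py` with the `__main__` block reading `sys.stdin` instead of the constructed sample. Note that Edmin 2.0.1 is reported clean only because it is above the listed 2.0.0; if the vendor's fixed version turns out to be higher, raise the entry in LAST_AFFECTED.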

📡 Detection & Monitoring

Log Indicators:

  • New PHP-like files (.php, .phtml, .phar, .php7) appearing under wp-content/uploads. File-integrity monitoring or a periodic filesystem scan is the reliable source here: web server access logs do not record the filename inside a multipart upload
  • POST requests to paths under /wp-content/themes/<affected theme>/ from clients that otherwise only fetch static assets
  • Any request, whatever the method or response code, for a PHP file under /wp-content/uploads/. WordPress never serves PHP from that directory, so even a 403 or 404 there is an exploitation attempt worth examining

Network Indicators:

  • Multipart HTTP POSTs to theme paths, especially ones followed within minutes by a GET to a new path under /wp-content/uploads/ from the same client
  • Unexpected outbound connections from the web server after such a POST (reverse shells, second-stage downloads)

SIEM Query:

Two searches, written in Splunk SPL against combined-format access logs. The first is the high-fidelity one. The uploaded filename is not visible in an access log, so a filter on the uploaded file's extension only works on WAF or upload-inspecting proxy logs that record the multipart filename.

    sourcetype=access_combined uri_path="/wp-content/uploads/*"
      (uri_path="*.php" OR uri_path="*.phtml" OR uri_path="*.phar" OR uri_path="*.php7")
    | stats count min(_time) as first_seen by clientip, uri_path, status

    sourcetype=access_combined method=POST uri_path="/wp-content/themes/*"
    | stats count by clientip, uri_path, status, useragent
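The same detection logic as an added, runnable example (not from this page or from any vendor tooling): it parses combined-format access log lines, flags POSTs to theme paths and requests for PHP under /wp-content/uploads/, and escalates the second kind when the same client POSTed to a theme path shortly before, which is the upload-then-execute pattern described above. The log lines are constructed for the example, and the theme handler path in them is hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Extensions PHP handlers commonly execute; the query string is stripped before matching.
PHP_EXT_RE = re.compile(r"\.(?:php\d?|phtml|phar)$", re.IGNORECASE)

THEME_PREFIX = "/wp-content/themes/"
UPLOADS_PREFIX = "/wp-content/uploads/"


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop query string
    return rec


def analyze(lines, window_seconds=600):
    """Scan log lines in order and return (kind, ip, path, status) findings.

    kinds:
      theme_post           POST to a path under /wp-content/themes/
      php_in_uploads       request for a PHP-like file under /wp-content/uploads/
      upload_then_execute  php_in_uploads within window_seconds of a theme_post
                           from the same client (the chained exploitation pattern)
    """
    findings = []
    theme_posts = defaultdict(list)  # client ip -> timestamps of theme POSTs
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, ts = rec["ip"], rec["path"], rec["ts"]

        if rec["method"] == "POST" and path.startswith(THEME_PREFIX):
            theme_posts[ip].append(ts)
            findings.append(("theme_post", ip, path, rec["status"]))

        if path.startswith(UPLOADS_PREFIX) and PHP_EXT_RE.search(path):
            kind = "php_in_uploads"
            # Escalate when this client POSTed to a theme path shortly before.
            if any(0 <= (ts - t).total_seconds() <= window_seconds for t in theme_posts[ip]):
                kind = "upload_then_execute"
            # Reported regardless of status: a 403 from the .htaccess block is
            # still an attempt, and a 200 means the shell ran.
            findings.append((kind, ip, path, rec["status"]))
    return findings


# Constructed sample log; the theme handler path is hypothetical, not a real Themify endpoint.
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2025:10:14:02 +0000] "GET /wp-content/themes/sidepane/style.css HTTP/1.1" 200 8120
203.0.113.7 - - [12/May/2025:10:14:09 +0000] "POST /wp-content/themes/sidepane/upload-handler.php HTTP/1.1" 200 43
203.0.113.7 - - [12/May/2025:10:14:31 +0000] "GET /wp-content/uploads/2025/05/wp-cache.php?cmd=id HTTP/1.1" 200 512
198.51.100.22 - - [12/May/2025:10:20:44 +0000] "GET /wp-content/uploads/2025/05/hero.jpg HTTP/1.1" 200 183774
198.51.100.22 - - [12/May/2025:11:02:10 +0000] "GET /wp-content/uploads/old/info.php HTTP/1.1" 403 199
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding)
```

Run it over a real log with `analyze(open("/var/log/apache2/access.log").read().splitlines())`. The `theme_post` finding alone is noisy on sites whose themes legitimately handle form POSTs; the escalated `upload_then_execute` finding and any `php_in_uploads` with a 200 status are the ones to page on.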
