CVE-2025-67924
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Corpkit theme. It affects all WordPress installations using Corpkit theme versions up to and including 2.0. Attackers can achieve remote code execution and full server compromise.
💻 Affected Systems
- WordPress Corpkit Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server takeover with data exfiltration, ransomware deployment, and use as pivot point for lateral movement within the network.
Likely Case
Web shell upload leading to website defacement, data theft, and backdoor persistence on the server.
If Mitigated
File upload attempts blocked at WAF level with no successful exploitation.
🎯 Exploit Status
Simple HTTP POST request with malicious file upload. Public exploit details available on security databases.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: >2.0
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/corpkit/vulnerability/wordpress-corpkit-theme-2-0-arbitrary-file-upload-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Update Corpkit theme to latest version via WordPress admin panel. 2. Verify theme version is >2.0. 3. Clear WordPress cache if applicable.
🔧 Temporary Workarounds
WAF File Upload Filtering
allConfigure web application firewall to block uploads of executable file types to WordPress upload directories.
# Example ModSecurity rule: SecRule FILES_TMPNAMES "@rx \.(php|phtml|php3|php4|php5|php7|phar|pl|py|jsp|asp|aspx|sh|bash|cmd|bat)$" "deny,status:403,id:1001"
File Upload Directory Restrictions
linuxConfigure server to prevent execution of uploaded files in WordPress upload directories.
# Apache: <Directory /wp-content/uploads> php_flag engine off </Directory>
# Nginx: location ~* /wp-content/uploads/.*\.(php|phtml|php3|php4|php5|php7|phar)$ { deny all; }
🧯 If You Can't Patch
- Disable or remove the Corpkit theme entirely and switch to a secure alternative.
- Implement strict file upload validation at application level with whitelisted extensions only.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for Corpkit theme version. If version is 2.0 or lower, system is vulnerable.Check Version:
wp theme list --field=name,version --status=active | grep -i corpkitVerify Fix Applied:
Confirm theme version is >2.0 in WordPress admin panel and test file upload functionality with malicious extensions.📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-content/themes/corpkit/ upload endpoints
- File uploads with .php, .phtml, .phar extensions to upload directories
- Unusual file creation in wp-content/uploads/
Network Indicators:
- POST requests with file uploads to Corpkit theme endpoints
- Subsequent HTTP requests to newly uploaded suspicious files
SIEM Query:
source="web_server" (method="POST" AND uri_path="/wp-content/themes/corpkit/*" AND file_extension IN ("php", "phtml", "phar", "jsp", "asp"))