CVE-2025-68910
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee (blogzee) allows Using Malicious Files. This issue affects Blogzee: from n/a through <= 1.0.5.
Meta Information
Published: 2026-01-22
Last Modified: 2026-01-28
Generated: 2026-05-07
AI Q&A: 2026-01-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
One associated CPE:
Vendor: blazethemes
Product: blogzee
Version / Range: up to and including 1.0.5
CWE
CWE-434: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-68910 is an Arbitrary File Upload vulnerability in the WordPress Blogzee Theme (versions up to 1.0.5). It allows attackers with at least Subscriber or Developer privileges to upload malicious files, including backdoors, to a website. These files can be executed to gain unauthorized access and control over the site. The vulnerability is classified under OWASP Top 10 A1: Broken Access Control and has a critical CVSS score of 9.9. [1]


How can this vulnerability impact me?

This vulnerability can lead to severe security risks including unauthorized access to your website, execution of malicious code, and potential full site compromise. Attackers can upload backdoors that allow them to maintain persistent access, steal data, deface the site, or use the site for further attacks. Since no official fix is available, the threat remains unless mitigated by applying Patchstack's mitigation rule or removing the vulnerable theme. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves checking for the presence of the vulnerable Blogzee Theme version 1.0.5 or earlier on your WordPress site and monitoring for any unauthorized file uploads, especially files with dangerous types or backdoors. Since the vulnerability requires at least Subscriber or Developer privileges to exploit, reviewing user activity logs for suspicious upload actions can help. Specific commands are not provided, but you can inspect the theme version via WordPress admin or by checking the theme's style.css file. Additionally, monitoring web server logs for unusual POST requests to upload endpoints related to the Blogzee theme may help detect exploitation attempts. [1]
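The two checks the answer above describes, written out as an added example (not BaseFortify's or Patchstack's tooling): reading the theme version from the Version header of style.css and comparing it against the affected range, then flagging POST requests in an access log that target upload-related paths. The style.css header, the log lines and the list of upload paths are constructed assumptions; the advisory names no specific endpoint.

```python
import re

# Constructed style.css header, not copied from the real theme.
SAMPLE_STYLE_CSS = """/*
Theme Name: Blogzee
Author: blazethemes
Version: 1.0.5
*/"""

# Constructed access-log lines (common log format). Paths are assumptions.
SAMPLE_LOG = """203.0.113.5 - - [22/Jan/2026:10:00:01 +0000] "GET /blog/ HTTP/1.1" 200 5120
203.0.113.7 - - [22/Jan/2026:10:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 64
203.0.113.7 - - [22/Jan/2026:10:00:06 +0000] "POST /wp-content/themes/blogzee/x.php HTTP/1.1" 200 21
198.51.100.9 - - [22/Jan/2026:10:00:09 +0000] "GET /wp-content/uploads/2026/01/a.png HTTP/1.1" 200 9000"""

AFFECTED_MAX = (1, 0, 5)  # advisory: "from n/a through <= 1.0.5"

def theme_version(style_css: str) -> tuple:
    """Parse the 'Version:' line of a WordPress theme header into an int tuple."""
    m = re.search(r"^\s*Version:\s*([\d.]+)", style_css, re.MULTILINE)
    if not m:
        raise ValueError("no Version header found in style.css")
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(style_css: str) -> bool:
    """True when the installed version falls inside the affected range."""
    return theme_version(style_css) <= AFFECTED_MAX

# ip, method, path, status from a common-log-format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3})')

# Assumed upload-related prefixes; adjust to the site's real endpoints.
UPLOAD_PREFIXES = ("/wp-admin/admin-ajax.php", "/wp-content/themes/blogzee/")

def suspicious_posts(log_text: str, prefixes=UPLOAD_PREFIXES) -> list:
    """Return (ip, path, status) for POST requests hitting upload-related paths."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        if method == "POST" and any(path.startswith(p) for p in prefixes):
            hits.append((ip, path, int(status)))
    return hits

if __name__ == "__main__":
    print("affected:", is_affected(SAMPLE_STYLE_CSS))
    for hit in suspicious_posts(SAMPLE_LOG):
        print("review:", hit)
```

Review the flagged requests against the site's user activity log for the same timestamps; a POST from a low-privilege account that is followed by a new file under the theme or uploads directory is the pattern worth investigating.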


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying the Patchstack mitigation rule designed to block attacks exploiting this vulnerability until an official fix is released. If applying the mitigation is not possible, users should remove and replace the vulnerable Blogzee theme version 1.0.5 or earlier immediately. Simply deactivating the theme is insufficient unless the mitigation rule is also applied. These steps help prevent exploitation while awaiting an official patch. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

