CVE-2025-68910
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files.This issue affects Blogzee: from n/a through <= 1.0.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68910
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
blazethemes blogzee to 1.0.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68910 is an Arbitrary File Upload vulnerability in the WordPress Blogzee Theme (versions up to 1.0.5). It allows attackers with at least Subscriber or Developer privileges to upload malicious files, including backdoors, to a website. These files can be executed to gain unauthorized access and control over the site. The vulnerability is classified under OWASP Top 10 A1: Broken Access Control and has a critical CVSS score of 9.9. [1]

Impact Analysis

This vulnerability can lead to severe security risks including unauthorized access to your website, execution of malicious code, and potential full site compromise. Attackers can upload backdoors that allow them to maintain persistent access, steal data, deface the site, or use the site for further attacks. Since no official fix is available, the threat remains unless mitigated by applying Patchstack's mitigation rule or removing the vulnerable theme. [1]

Detection Guidance

Detection involves checking for the presence of the vulnerable Blogzee Theme version 1.0.5 or earlier on your WordPress site and monitoring for any unauthorized file uploads, especially files with dangerous types or backdoors. Since the vulnerability requires at least Subscriber or Developer privileges to exploit, reviewing user activity logs for suspicious upload actions can help. Specific commands are not provided, but you can inspect the theme version via WordPress admin or by checking the theme's style.css file. Additionally, monitoring web server logs for unusual POST requests to upload endpoints related to the Blogzee theme may help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include applying the Patchstack mitigation rule designed to block attacks exploiting this vulnerability until an official fix is released. If applying the mitigation is not possible, users should remove and replace the vulnerable Blogzee theme version 1.0.5 or earlier immediately. Simply deactivating the theme is insufficient unless the mitigation rule is also applied. These steps help prevent exploitation while awaiting an official patch. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68910. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart