CVE-2025-68549
Awaiting Analysis Awaiting Analysis - Queue
Unrestricted File Upload in Wiguard Allows Remote Code Execution

Publication date: 2026-02-20

Last updated on: 2026-02-25

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through < 2.0.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68549
EUVD
EUVD-2025-207920
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zozothemes wiguard to 2.0.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68549 is a critical Arbitrary File Upload vulnerability in the WordPress Wiguard Theme versions prior to 2.0.1.

This vulnerability allows a malicious user with only subscriber-level privileges to upload arbitrary files, including dangerous files such as web shells, to the affected website.

Because of this, an attacker can execute unauthorized code on the server, potentially taking full control of the website.

The vulnerability is classified under OWASP Top 10 A3: Injection and has a CVSS score of 9.9, indicating a critical risk.

Impact Analysis

This vulnerability can have severe impacts including unauthorized code execution on your web server.

An attacker can upload malicious backdoors or web shells, which can lead to full website compromise.

This can result in data theft, defacement, loss of service, or further exploitation of your server and network.

Since the vulnerability requires only subscriber-level access, it is particularly dangerous and easy to exploit.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability allows a malicious actor with subscriber-level privileges to upload arbitrary files, including web shells, to the affected WordPress Wiguard Theme versions prior to 2.0.1. Detection can focus on identifying unauthorized file uploads or suspicious files on the web server.'}, {'type': 'list_item', 'content': 'Check the uploads directory or other writable directories for unexpected or suspicious files, especially PHP files or web shells.'}, {'type': 'list_item', 'content': "Use commands like 'find' on the server to locate recently added or modified files with executable extensions, for example: find /path/to/wordpress/wp-content/uploads -type f -name '*.php' -mtime -7"}, {'type': 'list_item', 'content': "Review web server logs for unusual POST requests or file upload attempts targeting the theme's upload functionality."}, {'type': 'list_item', 'content': 'Use security tools or scanners that can detect web shells or arbitrary file uploads.'}] [1]

Mitigation Strategies

The primary and most effective mitigation step is to update the WordPress Wiguard Theme to version 2.0.1 or later, where this vulnerability is patched.

Until the update can be applied, use Patchstack mitigation rules which are designed to block exploitation attempts targeting this vulnerability.

Additionally, restrict subscriber-level privileges if possible, monitor for suspicious file uploads, and review server logs regularly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68549. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart