CVE-2025-68549
Unrestricted File Upload in Wiguard Allows Remote Code Execution
Publication date: 2026-02-20
Last updated on: 2026-02-25
Assigner: Patchstack
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zozothemes | wiguard | to 2.0.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68549 is a critical Arbitrary File Upload vulnerability in the WordPress Wiguard Theme versions prior to 2.0.1.
This vulnerability allows a malicious user with only subscriber-level privileges to upload arbitrary files, including dangerous files such as web shells, to the affected website.
Because of this, an attacker can execute unauthorized code on the server, potentially taking full control of the website.
The vulnerability is classified under OWASP Top 10 A3: Injection and has a CVSS score of 9.9, indicating a critical risk.
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized code execution on your web server.
An attacker can upload malicious backdoors or web shells, which can lead to full website compromise.
This can result in data theft, defacement, loss of service, or further exploitation of your server and network.
Since the vulnerability requires only subscriber-level access, it is particularly dangerous and easy to exploit.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows a malicious actor with subscriber-level privileges to upload arbitrary files, including web shells, to the affected WordPress Wiguard Theme versions prior to 2.0.1. Detection can focus on identifying unauthorized file uploads or suspicious files on the web server.
- Check the uploads directory or other writable directories for unexpected or suspicious files, especially PHP files or web shells.
- Use commands like `find` on the server to locate recently added or modified files with executable extensions, for example: `find /path/to/wordpress/wp-content/uploads -type f -name '*.php' -mtime -7`
- Review web server logs for unusual POST requests or file upload attempts targeting the theme's upload functionality.
- Use security tools or scanners that can detect web shells or arbitrary file uploads. [1]
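The file and log checks listed above, as an added triage script (an example written for this page, not part of the advisory or of any vendor tooling). It goes beyond the single `find` command by also flagging files that carry a PHP open tag behind a non-PHP extension. The function names, the extension list and the combined access-log field positions are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. Triage helpers for a WordPress host.
# Assumption: the extensions below are the ones your server hands to PHP; adjust to match.

# scan_uploads DIR [DAYS]: list files changed in the last DAYS days (default 7) that
#   EXT  have an extension commonly mapped to the PHP handler, or
#   TAG  have another extension but contain a PHP open tag (e.g. a script renamed to .png).
scan_uploads() {
    su_dir=$1
    su_days=${2:-7}
    find "$su_dir" -type f -mtime "-$su_days" \
        \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' -o -iname '*.phar' \) \
        -exec printf 'EXT\t%s\n' {} \;
    find "$su_dir" -type f -mtime "-$su_days" \
        ! \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' -o -iname '*.phar' \) \
        -exec grep -laF -e '<?php' {} + |
        while IFS= read -r su_file; do printf 'TAG\t%s\n' "$su_file"; done
}

# uploads_php_hits LOG: print "client<TAB>status<TAB>path" for every request to a
# PHP-like file under wp-content/uploads. Assumes the common/combined access-log
# format (client in field 1, request path in field 7, status in field 9).
uploads_php_hits() {
    awk '{
        path = $7
        sub(/\?.*/, "", path)                       # drop the query string
        if (tolower(path) ~ /\/wp-content\/uploads\/.*\.(php[0-9]?|phtml|phar)$/)
            printf "%s\t%s\t%s\n", $1, $9, $7
    }' "$1"
}

# Usage: sh triage.sh scan UPLOADS_DIR [DAYS]   |   sh triage.sh hits ACCESS_LOG
case ${1:-} in
    scan) shift; scan_uploads "$@" ;;
    hits) shift; uploads_php_hits "$@" ;;
esac
```

Any `EXT` or `TAG` line in an uploads tree deserves manual review, and a 200 status in the `hits` output means the server answered a request for that file.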
What immediate steps should I take to mitigate this vulnerability?
The primary and most effective mitigation step is to update the WordPress Wiguard Theme to version 2.0.1 or later, where this vulnerability is patched.
Until the update can be applied, use Patchstack mitigation rules which are designed to block exploitation attempts targeting this vulnerability.
Additionally, restrict subscriber-level privileges if possible, monitor for suspicious file uploads, and review server logs regularly.