CVE-2025-68553
Status: Received - Intake
Unrestricted File Upload in Lendiz < 2.0.1 Enables Web Shell Upload

Publication date: 2026-03-05

Last updated on: 2026-03-05

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz (lendiz) allows Upload a Web Shell to a Web Server. This issue affects Lendiz: from n/a through < 2.0.1.
Meta Information
Published: 2026-03-05
Last Modified: 2026-03-05
Generated: 2026-06-16
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor      Product   Version / Range
zozothemes  lendiz    up to 2.0.1 (exclusive)
CWE
CWE-434: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
AI Quick Actions
Executive Summary

CVE-2025-68553 is an Arbitrary File Upload vulnerability in the WordPress Lendiz Theme versions prior to 2.0.1.

This vulnerability allows an attacker to upload any type of file, including dangerous files like web shells, to a website using the vulnerable theme.

Once uploaded, these files can be executed by the attacker to gain unauthorized access and control over the website.

The vulnerability is classified under OWASP Top 10 category A3: Injection and has a critical CVSS score of 9.9.

Exploitation requires only subscriber-level privileges, which lowers the bar for attackers.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to your website.

Attackers can upload backdoors or web shells, which allow them to execute arbitrary commands, manipulate website content, steal data, or use the site as a platform for further attacks.

Such unauthorized control can lead to website defacement, data breaches, loss of customer trust, and potential downtime.

Because the vulnerability requires only subscriber-level access, it increases the risk that even low-privileged users can compromise the site.

Detection Guidance

This vulnerability allows an attacker to upload arbitrary files, including web shells, to a website using the vulnerable Lendiz theme. Detection can involve scanning the web server for unexpected or suspicious files, especially those that could be web shells.

Specific commands are not provided in the available resources, but common approaches include:

  • Searching the web server directories for recently added or modified files with suspicious extensions (e.g., .php, .phtml) that could be web shells.
  • Using file integrity monitoring tools to detect unauthorized file uploads.
  • Reviewing web server logs for unusual POST requests or file upload activity targeting the Lendiz theme upload endpoints.
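The two checks below are an added, defender-side illustration of the guidance above; they are not part of the CVE record and not Patchstack's or the theme vendor's code. The first walks a web root and lists PHP-style files modified after a cutoff (the "recently added or modified files with suspicious extensions" sweep). The second parses combined-format access log lines and flags POST requests under the theme directory, plus any request for a script file under wp-content/uploads, where a successful upload would typically land. The theme path /wp-content/themes/lendiz/, the endpoint name upload-handler.php, the sample directory tree and the log lines are all constructed for the demo; the record does not name the vulnerable endpoint.

```python
"""Added example (not from the CVE record): file sweep + access-log triage
for a suspected arbitrary-file-upload incident on a WordPress site."""
import os
import re
import tempfile
import time

# Extensions the web server would execute as PHP; extend for your stack.
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")

# Assumed locations (hypothetical; adjust to the real install).
THEME_PREFIX = "/wp-content/themes/lendiz/"
UPLOADS_PREFIX = "/wp-content/uploads/"


def recent_cutoff(days=7):
    """Unix timestamp `days` ago, used as the 'recently modified' threshold."""
    return time.time() - days * 86400


def find_recent_scripts(root, since, exts=SCRIPT_EXTS):
    """Return web-root-relative paths of script files with mtime >= since."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
            except OSError:  # file vanished or unreadable; skip rather than abort
                continue
            if st.st_mtime >= since:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


# Apache/nginx "combined" format: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def triage_access_log(lines, theme_prefix=THEME_PREFIX, uploads_prefix=UPLOADS_PREFIX):
    """Flag POSTs into the theme directory and requests for scripts under uploads/.

    Unparseable lines are ignored. Each hit is a dict with ip, path, status."""
    out = {"theme_posts": [], "uploads_scripts": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        hit = {"ip": m["ip"], "path": path, "status": int(m["status"])}
        if m["method"] == "POST" and path.startswith(theme_prefix):
            out["theme_posts"].append(hit)
        if path.startswith(uploads_prefix) and path.lower().endswith(SCRIPT_EXTS):
            out["uploads_scripts"].append(hit)
    return out


def build_demo_tree():
    """Constructed sample web root: an old theme file, a fresh image, a fresh .php in uploads."""
    root = tempfile.mkdtemp(prefix="wproot-")
    old = time.time() - 90 * 86400
    layout = {
        "wp-content/themes/lendiz/functions.php": old,
        "wp-content/uploads/2026/03/photo.jpg": time.time(),
        "wp-content/uploads/2026/03/img.php": time.time(),
    }
    for rel, mtime in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("<?php echo 'demo'; ?>\n" if rel.endswith(".php") else "demo\n")
        os.utime(full, (mtime, mtime))  # backdate so the sweep has something to skip
    return root


# Constructed log lines; the POST target name is a placeholder, not a real endpoint.
SAMPLE_LOG = [
    '198.51.100.4 - - [05/Mar/2026:10:13:50 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [05/Mar/2026:10:14:02 +0000] "POST /wp-content/themes/lendiz/upload-handler.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Mar/2026:10:14:09 +0000] "GET /wp-content/uploads/2026/03/img.php?cmd=id HTTP/1.1" 200 87',
    'not a log line at all',
    '198.51.100.4 - - [05/Mar/2026:10:15:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 33',
]

if __name__ == "__main__":
    demo_root = build_demo_tree()
    print("recent scripts:", find_recent_scripts(demo_root, recent_cutoff(7)))
    print("log triage:", triage_access_log(SAMPLE_LOG))
```

The mtime sweep is only a first pass: an attacker can reset timestamps, so treat it as a way to prioritise, and rely on file-integrity monitoring or a known-good checksum baseline for the authoritative answer. The log triage is similarly a heuristic, so review hits by hand before acting on them.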
Mitigation Strategies

The primary immediate mitigation step is to update the Lendiz theme to version 2.0.1 or later, where the vulnerability has been patched.

Until the update can be applied, it is recommended to implement the mitigation rule provided by Patchstack that can block attacks exploiting this vulnerability.

Additionally, consider using automated vulnerability mitigation services offered by Patchstack to help secure the WordPress site against exploitation.
