CVE-2025-68555
Unrestricted File Upload in Nutrie ≤ 2.0.1 Enables Web Shell Upload
Publication date: 2026-03-05
Last updated on: 2026-03-05
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zozothemes | nutrie | up to 2.0.1 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68555 is a high-severity arbitrary file upload vulnerability in the WordPress Nutrie Theme versions prior to 2.0.1.
This vulnerability allows an attacker with subscriber-level privileges to upload any type of file to the website, including malicious backdoors or web shells.
Once uploaded, these malicious files can be executed to gain unauthorized access to the web server, posing a critical security risk.
The vulnerability is classified under OWASP Top 10 A3: Injection and has a CVSS score of 9.9, indicating extreme danger and high likelihood of exploitation.
How can this vulnerability impact me?
This vulnerability can allow attackers to upload and execute malicious files such as web shells on your web server.
Attackers can use these backdoors to gain unauthorized access, potentially leading to data theft, website defacement, or complete server compromise.
Since the vulnerability requires only subscriber-level access, it is particularly dangerous for WordPress sites using the Nutrie Theme before version 2.0.1.
Immediate updating to version 2.0.1 or later is necessary to mitigate this risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows an attacker with subscriber-level privileges to upload arbitrary files, including web shells, to the affected WordPress Nutrie Theme versions prior to 2.0.1.
Detection can involve scanning the web server for unexpected or suspicious files, especially web shells or files with unusual extensions in the upload directories.
Since the vulnerability involves arbitrary file uploads, monitoring for newly created files in the theme's upload directories or unusual HTTP POST requests to upload endpoints can help detect exploitation attempts.
- Use commands like `find /path/to/wordpress/wp-content/themes/nutrie/uploads -type f -mtime -7` to list files uploaded in the last 7 days.
- Check web server logs for suspicious POST requests targeting upload endpoints, e.g., `grep POST /var/log/apache2/access.log | grep upload`.
- Scan for known web shell signatures using tools like `rkhunter` or `clamscan`. [1]
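The two checks above, combined into a small POSIX shell helper that runs over a constructed upload tree and a constructed access-log fixture. This is an added example, not code from the advisory, Patchstack or the theme vendor; the upload directory layout, the 7-day window and the upload-endpoint pattern are assumptions to adapt to the real site.

```shell
#!/bin/sh
# Added detection helper for CWE-434 style uploads; not code from the advisory,
# Patchstack or the theme vendor. Paths, the 7-day window and the endpoint
# pattern below are assumptions to adapt to the real site layout.

# List regular files changed in the last 7 days under the upload directory $1
# whose name ends in an extension the web server may execute, or carries a
# double extension such as name.php.jpg. An upload directory should hold only
# data files, so any hit here deserves manual review.
list_executable_uploads() {
    find "$1" -type f -mtime -7 \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \)
}

# Number of hits from list_executable_uploads, as a bare integer.
count_executable_uploads() {
    list_executable_uploads "$1" | wc -l | tr -d ' '
}

# Print access-log lines (file $1, combined log format) that record a POST to
# an upload-style endpoint; the endpoint pattern is an assumption.
list_upload_posts() {
    grep -E '"POST [^"]*(upload|admin-ajax\.php)' "$1"
}

count_upload_posts() {
    list_upload_posts "$1" | wc -l | tr -d ' '
}

# Constructed fixtures: a tiny upload tree and three made-up access-log lines.
build_sample_uploads() {
    mkdir -p "$1/2026/03"
    : > "$1/2026/03/photo.jpg"          # benign data file
    : > "$1/2026/03/brochure.pdf"       # benign data file
    : > "$1/2026/03/image.php.jpg"      # double extension: flagged
    : > "$1/2026/03/cache.phtml"        # executable extension: flagged
}

build_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 - - [05/Mar/2026:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
203.0.113.5 - - [05/Mar/2026:10:00:07 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 56
198.51.100.9 - - [05/Mar/2026:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 7890
EOF
}
```

Run `build_sample_uploads` and `build_sample_log` against temporary paths, then point `list_executable_uploads` and `list_upload_posts` at them; on a live site, replace the fixtures with the real upload directory and access log.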
What immediate steps should I take to mitigate this vulnerability?
The primary and immediate mitigation step is to update the Nutrie Theme to version 2.0.1 or later, where this vulnerability has been patched.
Until the update can be applied, it is recommended to use Patchstack's automatic mitigation rule which blocks attacks targeting this vulnerability, providing rapid protection.
Additionally, review and restrict subscriber-level privileges if possible, monitor for suspicious file uploads, and scan the website for any existing malicious files. [1]